Decrypt Files Encrypted by Ransomware Viruses Part 4 - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by Ransomware Viruses Part 4

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

And here we are again in 2017. With the rise of ransomware viruses, more and more malware researchers from EmsiSoft, Kaspersky, Avast and BleepingComputer join their efforts to create decryptors for those ransomware viruses who failed at being impenetrable. We have decided to sum up all the decryptable ransomware viurses so far with the hope they will be reachable to more people. Below, we have also linked the other parts of these series of articles.

Decrypt Files Encrypted by Ransomware Viruses Part 1
Decrypt Files Encrypted by Ransomware Viruses Part 2
Decrypt Files Encrypted by Ransomware Viruses Part 3

Fake Cerber Ransomware

Being an imitator of one of the most notorious ransomware viruses ever to come out, the fake Cerber virus used the same wallpaper and even had a similar ransom note. It’s weakness however is that it was an EDA2 ransomware variant, which is not difficult to decrypt by researchers. Here is more information and decryption instructions:

Remove Fake Cerber Ransomware and Decrypt Encrypted Files

The “.L0CKED” File Virus

Little was known about this ransomware initially, but this was because it was not very popular. Few days after being discovered it was deemed to be a part of the many ransomware variants in the EDA2 family. Decryption instructions below:

.L0CKED File Virus (Decrypt Files)

DeriaLock Ransomware

Being part of the Lockscreen type of ransomware viruses that deny access to the whole system, this virus was reverse engineered later on and a password for it was found. All you have to do is to follow these instructions to unlock your PC:

DeriaLock Virus Remove and Unlock Locked Screen

UltraDeCrypter 2016 Ransomware

This ransomware virus was rather big and massive in terms of the fuss it generated when it was released. It is one of the “nicest” ransom viruses out there that wish Merry Christmas to victims. Fortunatly, being a part of the Cryp1 and CryptXXX viruses this one was also decryptable, as a Christmas gift. Instructions and more info can be found below:

UltraDeCrypter Virus – Decrypt Files for Free

Globe v3 Ransomware

This virus is very interesting, primarily because it came out in so many variants, that researchers have lost count. The first of the updated Globe variants used the .decrypt2017 and .hnumkhotep extensions and the 3rd version of Globe was initially thought to be a major improvement. With time however, a decryptor was eventually developed for the virus, by well-recognized in this field TrendMicro researchers. Instructions, we have provided below:

Decrypt Files Encrypted by Globe3 Ransomware

Comrade Circle’s .encrypted4 File Virus Variant

The “communist propaganda” virus came out in a second iteration which was eventually decrypted. Interestingly enough, this virus offered users to become a part of the ransomware project, even promising them dividents. Well, I guess this is a failed affiliate campaign. Instructions for decryption can be found below:

Comrade Circle Virus – Remove and Decrypt .encrypted4 Files

Marlboro .oops Ransomware

This virus has been reported to be encrypting files with the .oops file extension. Fortunately for the users, the cyber-criminals have made an ‘.oops’ when creating the encryption code. Malware analysts from EmsiSoft have created a decryption tool that works with this ransomware without a hic up. Here is the web link for instructions:

Decrypt .Oops Files Encrypted by Marlboro Ransomware

Merry Christmas Ransomware

Also being a Trojan horse that steals the files on the computer, this virus used multiple file extensions – .PEGS1, .MRCR1, .RARE1 and RMCM1. Having an evil Santa and a bomb, this virus was surely intimidating. However, it was also decrypted and instructions can be found in the green box below:

Decrypt Files Encrypted by Merry Christmas Ransomware

Alcatraz Locker Ransomware

Encrypting the files with an added .Alcatraz file extension to them, this virus was also widespread until researchers from Avast shut it down fairly quickly, resulting in it’s successful decryption. Instructions can be located below:

Decrypt Files Encrypted by .Alcatraz Locker


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:


  1. AvatarDamian Pineda

    Buenos días esta muy bueno el articulo pero no que que tipo de ransomware tengo, te acabo de pasar la imagen el aviso del virus es _HELP_HELP_HELP_6C5B.hta, y los archivos encriptados salen asi ejemplo: bVtfbWnyDw.8732, hay alguna solución que no sea restaurar? ya intente por ahi , solo aparecen los archivos encriptados ya la ,aquina muestra archivos y carpetas ocultos, saludos

  2. Avatardiego

    Me paso lo mismo, el virus tiene la extensión .GDCB
    Alguna herramienta para descifrar este virus?
    Gracias de antemano.

  3. AvatarVencislav Krustev

    Hola, esto es el variant de GandCrab Ransomware.

    Info en link:

  4. AvatarCarlos


  5. AvatarCarlos

    ese tengo yo esa terminacion .id-9891c9c4.[].arrow habra algun escryptador?


Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share