How to Restore Files Encrypted by Ransomware (Without Decrypter)
THREAT REMOVAL

How to Restore Files Encrypted by Ransomware (Without Decrypter)

We have created this instructive article to best explain the current options that you as a victim have to restore your files in case you do not wish to pay ransom to cyber-criminals.

Ransomware viruses have been around for quite some time and with most of them now decryptable the developers of viruses have “learnt” their lesson and have created a much stronger encryption scripts than before. So with ransomware evolving, the common user does not really have the capability or the know-how on how he or she can fight back to this menace and get the files back without having to go through the painstaking process of paying BitCoins. This is why, we as a security blog with extensive experience in how such viruses encrypt your files have decided to go over the main methods that you can use to restore your encrypted files in the event that there is no decryptor that is officially working for the virus at hand.

How Do Ransomware Viruses Encrypt Files?

By default, encryption can be explained as “The process of encoding information so that only parties with access to it can read it.”, according to it.ucsf.edu. This basically means that the virus infects your computer after which runs a set of processes which create a copy of the original file and this copy has parts of data replaces with data from the encryption algorithm used (RSA, AES, etc.). The original file is then deleted and the virus leaves the file to appear as if it is corrupt. After the encryption is complete the ransomware generates a decryption key, which can be either Private(symmetric) or public. The trend nowadays is for ransomware viruses to use a combination of both, making the direct decryption even more impossible than it was before, unless you have a decryption software which is again, coded by the ransomware authors. For more information on how encryption exactly works, you can check the related article underneath:

Related: Ransomware Encryption Explained – Why Is It So Effective?

Before you start to recover files, be advised that for some methods to work, you will need to remove the ransomware virus from your computer beforehand. We recommend using an advanced anti-malware software for the removal process, since it is capable to fully and swiftly detect all malicious files and secure your computer by removing them and providing active protection against all possible threats, known at the moment.

How to Get Encrypted Files to Work (Alternative Ways)?

So, having briefly explained what has happened to your files, let us now discuss what you can do to get them to work again. In this article we have done our research to best provide you with instructions on the different alternative tools that you can use to get the files back. Do not consider the methods underneath a 100% solution, but rather something that you can try and it may or may not work. To install some hope in you recovering your files, however, I will say that depending on the virus and the situation, we have received feedback from ransomware victims who used those methods to restore some of their files and users who were able to restore absolutely every file that was encrypted successfully. Oh yes, and before you start readin about those tools and methods, be advised to read the decription of each method as we have explained where it can be used with maximum effectiveness, since this method is likely to be appropriate for your specific situation. Let us start!

Method 1 - Restore Files via Data Recovery Software
Method 2 - Restore Files via Windows Backup
Method 3 - Restore Files by Using Shadow Explorer (Shadow Copies)
Method 4 - Restore Files by Plugging Your Hard Drive to Another Computer
Method 5 - Restore Files by Using a Network Sniffer
Method 6 - Restore Files by Using Decrypters for Other Ransomware Viruses

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

129 Comments

  1. karim

    my computer is infected by a quite new malware named ilksktivw and demands money to release files.

    Reply
    1. Milena Dimitrova

      Hi Karim,
      Is that the extension that has been appended to your files? Can you give us more information?

      Reply
      1. Sergio Herrera

        Hola Milena

        Mi nombre es Sergio Herrera, yo tambien tengo problemas con mis archivos. estan encriptados por el virus pumax tienen extencion *.pumax. podras ayudarme para desencriptar mis archivos. realmente agradezco su ayuda.
        saludos cordiales.

        Reply
        1. Milena Dimitrova

          Hi Sergio,

          Fortunately there is a decrypter for the .pumax ransomware, please find it here: https://sensorstechforum.com/pumax-files-virus-remove/
          Have a look at the .pumax Virus – Update December 2018 section of the article where the download link is situated.

          Reply
          1. Otto Garzon Lazo

            Milena Dimitrova ,hola por favor, mi maquina se infecto con la extensión .promarad, según he revisado es de DJVU, puedes ayudarme por favor

      2. Gerardo ramos

        Perdí fotos muy importantes de un casamiento y se transformaron con extensión .blower no tengo dinero para pagar los desencriptadores quisiera saber si se puede hacer algo …. Incluso todo el disco quedo con los files en .blower por favor auxilio que hago

        Reply
        1. Mario

          we are having the same problem, if you can find any solution to this problem please let me know and I will do the same
          thank you.

          Reply
  2. Steven

    Hello Milena,

    My computer also infected by ransomeware and most of the files extensions are renamed as .zeyilkz, are there any ways to decrypt them? Million thanks.

    Best regards,
    Steven

    Reply
    1. Tsetso MihailovTsetso Mihailov

      That is a custom extension – it is robably GandCrab. Did you get a ransomware note or a text file with instructions? If you did, can you share the text here?

      Reply
  3. Kay

    Mine was named .adobe. Has anybody had any progress with resolving this?

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Kay.
      I have seen a person on Twitter who was able to decrypt some files encrypted by the .adobe ransomware. However, that person asks for thousands of dollars for his services. I guess a free decryption tool might be available soon.

      Reply
    2. Gergana IvanovaGergana Ivanova

      Hey, Kay!
      The same extension has been detected as one used by STOP ransomware strain. The good news is that security researchers have cracked the code of this threat and released a decryption tool. So you may be able to recover .adobe files with the help of this tool. Have in mind that another ransomware called Dharma also has a train that appends the extension .adobe. In case that your files were corrupted by Dharma .adobe your best option is to attempt to restore them from backups or consider the use of alternative data recovery approaches.

      Reply
  4. vaggelis

    my files are decrypted and the extension is ktpviuiin.
    how can i decrypt them ?
    please help i am desperate………..

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, vaggelis. This is a custom extension. It might be GandCrab ransomware. If it is a newer version – there is no solution. If the version is older, try the official decryption tool released last year – https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

      Reply
  5. Norma

    Mi equipo esta infectado por un randsomware y añadió a mis archivos y fotografías una extensión .djvuq y en cada carpeta hay una hoja nombrada .openme.tx Ustedes creen que sea posible restaurar mis archivos? Gracias por su ayuda!

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Yes – there is a decryption tool released. You can find a download link in the beginning of this article: https://sensorstechforum.com/djvur-ransomware-remove/

      .djvur and .djvuq are both variants of STOP ransomware and have the same decryption tool mentioned above.

      Reply
  6. DJELMEN

    My computer also infected udjvu and most of the files extensions are renamed as udjvu, are there any ways to decrypt them?

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hey, DJELMEN!

      Happily, you can attempt to restore .udjvu files with a free decryption tool released by the security researcher Michael Gillespie. You can download the tool via the Decryption Tool link here. The tool requires a pair of an original file and its encrypted version.

      Reply
  7. Jenaro

    Buenos días, tengo información encriptada por extención .Rapid, se puede salvar ?
    Gracias!!

    Reply
    1. Tsetso MihailovTsetso Mihailov

      You can copy your encrypted files to another disk drive and wait for an official decryption tool released for free.

      As for the decryption tool sold by the criminals, do not buy it – it is broken. Only a few files are decrypted with it if the criminals decide to give you a decryptor. Wait and maybe there will be a solution in the future.

      Reply
  8. Eliodoro

    Hola,
    el pasado 9 de enero de 2019 fue atacado mi pc y me encriptaron los archivos, la extensión de los archivos es “*.no_more_ransom”.
    En las carpetas dejaron un fichero llamador “How Recovery Files.txt” con el siguiente texto:
    Hello, dear friend!
    All your files have been ENCRYPTED
    Do you really want to restore your files?
    Write to our email – [email protected] …………
    El programa Spyhunter 5 no me ha detectado nada extraño en el sistema.
    La última copia de seguridad es de hace 2 meses.
    ¿Cómo podría desencriptar los archivos?
    Gracias de antemano

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Eliodoro,
      write to the support of Spy Hunter regarding the detection. As for the files – for the time being there is no official solution.

      Reply
  9. Umar Javed

    My computer is infected with all hard drives with gandcrab 5.1 and i am searching how can i get my files back and do not pay to that bastards

    Reply
    1. SUN

      MY PC ALSO AFFECTED WITH GAND CRAB 5.1 on 20 Jan 2019

      AND SEARCHING FOR A SOLUTION…..

      Reply
  10. Ban

    My PC also has been infected by ransomeware and all the files extension are in UIYAGBSI file. Please help

    Thank you.

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Umar Javed, SUN – GandCrab 5.1 is a newer version and there is no decryption solution for it.

      Ban – that sounds like GandCrab as well, but try the official decryptor if it is an older version of the virus: https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

      Reply
  11. Titan

    Hola alquien encontro como recuperar los archivos… Esos malnacidos me contaminaron todo el trabajo

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Titan,
      have you tried any of the above methods? Also, what ransomware has infected your files? If you know – share here.

      Reply
  12. ventsislav georgiev

    infected the extension is .ekptwbs tray many methods and nothing if abybody can help me my email is [email protected]

    Reply
  13. rach

    mon pc est infecte par un ransomware ; NANO aider moi svp a recupere tout mes fichiers

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hey rach,
      try using the Aurora Decrypter tool linked in this article : https://sensorstechforum.com/nano-files-virus-ransomware-remove/ There is a chance that this is another ransomware using the same extension (a Scarab ransomware variant), in which case we are unaware of a decryption solution.

      Reply
  14. ventsislav georgiev

    grandgrab5.0.4 extension .ekptwbs please help me to decrypt them with bitdefender its impossible my email is [email protected]

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Ventsislav,
      5.0.4 version of Gandcrab is not decryptable yet. You should backup your files and wait for an update to the decrypter – hopefully it will happen.

      Reply
  15. Jim

    Hi,

    A friend got infected with a ransomware called [email protected]

    Any ideas?

    Thanks

    Reply
    1. Tsetso MihailovTsetso Mihailov

      We are aware of the ransomware – you can check our article for more information – https://sensorstechforum.com/remove-jaffe-ransomware/

      Other than that, there is no known official decryption tool released for Jaffe ransomware.

      Reply
  16. Sagar SR

    Hi Milena,
    all my desktop files are infected by a GANDCRAB v5.1 under the file name .ubhoiy
    please help me retrieve my files..

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Unfortunately, GANDCRAB v5.1 is not decryptable for now. We cannot help you as no solution exists, yet.

      Reply
  17. Flamas

    Hola.. Mi pc se infecto con un ransomware que deja todos mis archivos con una terminación .blower me puedes ayudar?

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hola Flamas,
      currently there is no decryptor for .blower ransomware. As it is a STOP variant a decryptor might be developed. Just save your files and wait.

      Reply
  18. VIVEK

    my photo files are all encrypted with extension .bklhn
    Any help would be much appreciated

    Reply
    1. Tsetso MihailovTsetso Mihailov

      VIVEK,
      nowadays, solely knowing the extension of a ransomware virus is not enough to determine of which ransomware family it is. It looks as if you have a custom extension, which is probably generated by GandCrab ransomware. If that is the case and the infection is new (from this month) you probably got a newer version of the virus and it is not decryptable.

      Do you see anything else that you can share – a ransom note, message with instructions?

      Reply
  19. xfoun

    Buenas chicos , mis archivos estan encriptados en .local , alguna idea ?? muchas gracias

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hey xfoun,
      I have never heard of the .local extension. Any other information you can share on the virus – .txt file, ransom message or instructions on the infected computer?

      Reply
  20. Mario

    hi, let me know if you find any solution on this, we have the same problem. I will do the same for you.

    Thanks

    Reply
  21. Azhar Abbas

    My files infected on 9th February 2019, by KRAKEN CRYPTOR, encrypted files extension is .YTUSU , Please suggest any decryptor if available.

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello Azhar,
      there is no too that can decrypt KRAKEN CRYPTOR yet. We will write if such a tool is released.

      Reply
  22. KOSKAMP

    CAN SOMEBODY HELP ME WITH THIS EXTENSION .KUFQZTS TO REMOVE FROM MY FILES THANK YOU

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Probably GandCrab ransomware. If its new – it cannot be helped.

      Reply
  23. Akila

    is there any decrypter for the *.xoloed ransomware ? plz help

    Reply
    1. Milena Dimitrova

      Hi there,

      Can you give us more details about your infection? Is there a ransom note you can share with us?

      Reply
  24. Roan

    My files are named .qdsmrc is there a way to fix it ? I really want my good trip memories memories back :(.

    Reply
    1. Milena Dimitrova

      Hi Roan,
      Can you provide us with further details about your infection?

      Reply
  25. cristain

    hola mis archivos asido infectados con la extencion ( BTEGHU ) y deja un archivo de nota en cada carpeta con el nombre de BTEGHU-DECRYPT hay alguna solución para recuperar mis cosas

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, cristain.
      This is most likely GandCrab ransomware. Can you share the contents (text) of the BTEGHU-DECRYPT.TXT file?

      Reply
  26. Dialora

    My files are all infected on 16th February, encrypted files extension is JXSCT.
    Please suggest any decryptor if available

    Reply
  27. Gergana IvanovaGergana Ivanova

    Hello, Dialora!

    Considering the random extension you mentioned, we believe that your PC has been infected by a version of GandCrab ransomware. Do you see any ransom note or a text file with instructions? If you do, look for the mention of specific numbers. When you find them visit our article on how to decrypt files encrypted by GandCrab Ransomware and find your version. Beware that all versions released after 5.0.4 including the newest 5.1 are still not decryptable.

    Reply
  28. Bauti

    All my file are infected by gandcrab 5.1 on 16 February, encrypted files extension is “krsefzfhq”. I would really appreciate any help and suggestions.

    Reply
    1. Milena Dimitrova

      Hello,

      Sorry to hear about your infection. Unfortunately, there is no decryption tool for this version of the ransomware. You can remove the ransomware using an anti-malware program but there is no option to restore your files. More information about the ransomware: https://sensorstechforum.com/remove-gandcrab-5-1-ransomware/?%D0%B4%D0%BB%D0%BD

      Reply
  29. sivone

    Hi, every one on the internet who is kind. Can you help me?, my files were encrypted by gancrab ransomware 5.1. The file shows look like this:

    Diffraction.docx.djhzsis.blower.

    All my files are blower file.
    Could you please help me?

    Reply
    1. Milena Dimitrova

      Hi Sivone,

      Unfortunately, this version of the ransomware is not decryptable. You can try alternative data restoration methods but there is no guarantee. More information here: https://sensorstechforum.com/blower-files-virus-remove/?lnln

      Reply
  30. Valerio

    Dear Sensors Tech Forum,
    can You help me? Please! All my files, documents, photos, images, videos, and other important files are encrypted and have the extension “.JRSGLQXT”.
    Within each corrupt folder there is the following file!
    “GANDCRAB V5.1 – UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS – Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .JRSGLQXT – The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.”
    Thank’s in advance for Your reply.

    Reply
    1. Milena Dimitrova

      Hi Valerio,

      We are very sorry for the loss of your files. Unfortunately, this version of the ransomware is not decryptable. You can learn more about it here: https://sensorstechforum.com/remove-gandcrab-5-1-ransomware/

      Reply
  31. Miguel

    alguien puede ayudarme a desencriptar archivos con la extensión. blower

    Reply
  32. Maik

    Dear Sensors Tech Forum,
    Please can you help me?All my files,photos,videos,documents and other´s are encrypted by Gandcrab V5.1 on February 09,2019 and have now the Extension “SPKFSF”

    Reply
  33. Maik Oebels

    Hallo Sensors Tech Forum,
    Bitte um Hilfe.All meine Dateien,Fotos,Videos etc. wurden am 09. Februar 2019 durch “Gandcrab V5.1” verschlüsselt und haben nun die Erweiterung “spkfsf”.Gibt es da eine Möglichkeit die Daten wieder zu entschlüsseln?

    Reply
  34. Ignacio

    Hola, mis archivos estan encriptados bajo la extensión .cbupus, por GANDCRAB v5.2. Estos métodos me funcionaran? Saludos

    Reply
  35. MARA

    ESTIMADOS.
    POR FAVOR ME PUEDEN AYUDAR, A MI SERVIDOR LE INGRESÓ Ransomware denominado CRYPT. BORRO TODA MI BASE DE DATOS.
    HAN LOGRADO RECUPERAR LOS ARCHIVOS.
    SLDS

    Reply
  36. Jaume

    No se el nombre del MALWARE me pone la extensión, . FAIL
    Alguien me puede ayudar!!!!

    Reply
  37. Lock

    My PC was affected GandCrab V5.2 with .WKNZFU extension in all my files.. any decryptor for V5.2 released ?

    Reply
  38. elias

    buenas tengo mis archivos con la extension .ukbmz no se q tipo de virus es m si alguien podria ayudarme gracias ♥

    Reply
  39. ELIAS

    hola buenas mi pc esta con los archivos y tiene la extension .UKBMZ si me podrian ayudar se los agradeceria muchisimo

    Reply
  40. Jhon

    Mis archivos estan infectados con la extension ETH

    Reply
  41. jorge

    Hola, me paso lo mismo, la extension es .promoz, el mail de rescate [email protected] y [email protected]. Me pueden informar si hay algun desencriptador por favor? Estoy desesperado.

    Reply
    1. Ismael

      Hola, tengo exactamente el mismo problema….haz podido solucionarlo? de ser así, como lo hiciste? saludos

      Reply
  42. Kuki

    I got ransomware with .promok extension :(((
    Asking 490 USD to these email addresses [email protected], [email protected]
    Do you know if there is decrypter for this please? .promok

    Reply
  43. Ismael

    Hola, tengo un NAS el cual fue infectado con rasomware todos los archivos estan encriptador con la extension .PROMOZ, spyhunter5 logro limpiar mi equipo, pero el servidor NAS aun sigue infectado, alguien conoce alguna herramienta (aunq sea de pago) o alguna forma de recuperar los archivos? la mayoría de mis archivos infectados son solo fotos y video familiares, estoy desesperado, estan las fotos de toda la vida ='( …. esta es la nota de rescate que aparece, desde ya muchas gracias por su ayuda
    ——————————————————————————————————————————-
    ATTENTION!

    Don’t worry my friend, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-ll0rIToOhf
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    [email protected]

    Reserve e-mail address to contact us:
    [email protected]

    Your personal ID:
    034OspdywaduiShdktrecpmTcuXM4gQ1VxOiWCronjaflECHMOiIWMEQKZy2r
    ——————————————————————————————————————————-

    Reply
  44. dean i

    hi my files have been changed to FJLTS is therre a fix for this?

    Reply
  45. dean

    all been changed too FJLTS

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .FJLTS

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    and this left in every folder on all my hard drives

    Reply
    1. Milena Dimitrova

      Hi Dean,

      Unfortunately, this version of GandCrab is not decryptable at the moment. You can follow our website for updates on the ransomware.

      Reply
  46. ravee

    hi My files has an extention of 87a1 how to I recover it I’ve waited for almost a year now,
    please help

    Reply
    1. Milena Dimitrova

      Hi ravee,

      Can you give us more details about your infection? The extension looks like Cerber ransomware: https://sensorstechforum.com/new-cerber-ransomware-remove-restore-encrypted-files/

      Reply
  47. Ismael

    me paso lo mismo, mis archivos fueron encriptador por .promoz rasomware…alguien tiene alguna soluciona? (aunq sea de pago

    Reply
    1. Milena Dimitrova

      Hi there,

      More information about this ransomware is available here: https://sensorstechforum.com/remove-promoz-files-virus/

      Reply
  48. Kevin

    Hello,
    I was hit with a ransomeware and all my files have the extension .local. Can someone help me?

    Reply
    1. Milena Dimitrova

      Hi there,

      Can you give us more details about your infection?

      Reply
      1. Kevin

        Sure, all files have a .local extension.

        The name of the ransomenote is “HOW TO RECOVER ENCRYPTED FILES”

        And they want me to contact
        [email protected]

        Reply
        1. kkeny

          Exactement le meme probleme mais en anglais ‘HOW TO RECOVER ENCRYPTED FILES.TXT”
          Tout mes fichiers son en .local
          Même adresse mail.
          l’id fourni est énorme
          help please????

          Reply
  49. marcelo

    Hola, en mayo de 2018 perdí todos mis archivos, mas de 50 gb, y mis backups también fueron infectados con la siguiente extensión [email protected] y [email protected] si existe un descifrador se lo agradecería.

    Reply
  50. Alamin Rahman

    Hello, My PC Effected By .IOPUMLYM Exctension and GANDCRAB V5.2
    Please Anyone Help me for Decrypted my Encrypted file and folder

    Reply
  51. Facundo Gil

    Hola, soy victima de [email protected], me encripto archivos con la extension .adobe.
    Me pueden ayudar?
    Saludos y muchas gracias

    Reply
  52. Santi JR

    Hola hace un par de meses me infectó un ransomware con extensión .missing, y a día de hoy aún no he podido descifrarlo. lo único que he podido averiguar es que se trata de una nueva variante del APOCALYPSE.
    dejo nota de rescate:(el archivo figura así: IMG_9345.JPG.Contact_Data_Recovery)

    Your computer was hit by ransomware

    Contact by Email for your data recovery.

    Email : [email protected]
    Your Personal Identification ID: ID_RESTORE_E1B5040FES

    We’ll provide proof of recovery and Data Decryption Software to you.

    WARNING: If you don’t contact us, your data will be damaged. If we do not reply, email from a different email service.

    Luego el archivo al cual se dirige citada nota del rescate figura con el nombre seguido de la extensión .missing

    Se sabe algo al respecto, ayuda por favor

    Reply
  53. jean

    hola necesito ayuda mi pc se infecto con un ransomware .promorad existe alguna aplicación para desencriptar mis datos gracias

    Reply
  54. Tunmise

    My SD card got infected with uuuuuuuu.uuu and it created so many folders. My files are still there but i’m unable to open or use them

    Reply
  55. Cristhian lesmes

    Buena noche tengo un problema con uno de estos virus quisiera solicitar su ayuda el virus es un Promorad2 ransomware, agradezco su ayuda Milena.

    Reply
  56. Jijith J V

    Hi All my files have affected by .bomber extension is there any way to decrypt the same?

    Reply
  57. luis

    i got my files changed to .kroput files any advice to get it back?

    Reply
  58. IVAN

    holaa necesito ayuda mis archivos se infectaron por un virus llamado streamer que encripto mis documentos y les puso la extension *.promorad2 alguien que sepa si hay alguna forma de recuperar los documentos, gracias de antemano

    Reply
  59. Cristobal

    hola yo tengo desde ayer uno que encripto todo lo que alcanzo en mi red en archivos compartidos con extension .KROPUT… habra alguna solucion??? me pide 980dls

    Reply
  60. Guido

    Hola cómo están gente…un virus me infectó mí PC y me cambio las extensiones a .promora2 alguien tiene info o como se puede hacer, muchas gracias de antemano.

    Reply
  61. Guido

    Hola gente…se me infectó mí PC y mis archivos de trabajo se cambiaron a la extensión .promora2 alguna solución o info de cómo recuperarlos…muchas gracias de antemano

    Reply
    1. ronald revilla

      a mi me paso igual amigo, no has conseguido solucion? soy de Venezuela

      Reply
      1. Guido

        Nada aún, sigo buscando soluciones…me avisas si encuentras algo… gracias

        Reply
  62. Carlos

    En mi laptop, memoria usb, y disco duro externo… se infectaron con el promorad2… como puedo recuperar mis archivos sin necesidad de formatear nada.

    Reply
  63. Carlos g.x.

    En mi laptop, memoria usb, y disco duro externo se infectaron con una extensión que es promorad2… como puedo recuperar archivos de mis discos extraíble sin necesidad de formatear nada.

    Reply
  64. Rolando

    buenas tardes alguien me puede ayudar a recuperar mis archivos que tienen la extecion .promorad2

    Reply
  65. ronald revilla

    buenas noches, fui atacado por virus ransomware que encrypta y deja extension .promorad2 tendrán alguna solucion para esto?????

    Reply
  66. rizwan

    my pc is infected by ransomware please help me
    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .GBYXADMGV

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    Reply
  67. Angel corso

    Buenas tardes por favor ayudaaa help me le entro ese virus a mi pc y todos mis archivos tienen esta extencion ( .pulsar1 ) aguien que me ayude a como resolverlo por favor

    Reply
  68. Marco

    Hola
    Mis archivos han sido infectados por la extensión .charck, hay alguna solución?

    Reply
  69. JOE

    Hola, necesito su ayuda todos mis documentos de mis discos(Archivos, fotos, videos entre otros) se han puesto con la extension . CHARCK necesito recuperarlos…… I NEED YOU!

    Reply
    1. Milena Dimitrova

      Hi Joe,

      You have been attacked by a version of Stop ransomware. https://www.sensorstechforum.com/remove-charck-files-virus/
      Unfortunately, there is no decrypter for it at the moment.

      Reply
  70. Ivan Naranjo

    ME PUEDEN AYUDAR POR FAVOR, TENGO INFECTADOS MIS ARCHIVOS, ESTAN CON UNA EXTENSION .pulsar1
    agradezco mucho si alguien me puede ayudar. gracias Iván

    Reply
    1. Milena Dimitrova

      Hi Ivan and Freddy,

      You both have been infected by a version of Stop ransomware which is not decryprable at the moment. You can read more about it in our article: https://sensorstechforum.com/remove-pulsar1-files-virus/
      If a decrypter is released, we will update the article with information. You can follow us for updates.

      Reply
  71. Manhal

    hello any solution my files all get extension kroput

    Reply
    1. Milena Dimitrova

      Hi Manhal,
      Unfortunately, no decryption for now. Here’s more information about the ransomware: https://sensorstechforum.com/remove-kroput-ransomware/

      Reply
  72. daniel

    buenas noches tengo ransomware que me encripto todos mis documentos con extension .pulsar1 alguien que me pueda ayudar son documentos muy importantes.

    Reply
    1. Milena Dimitrova

      Hi daniel,

      You’ve been infected by https://sensorstechforum.com/remove-pulsar1-files-virus/. The bad news is that there is no decryption for it at this point.

      Reply
  73. imi737

    Zdravo , Hallo
    All my data hdd is infected *HXCNTD*
    Help…….

    Reply
    1. Milena Dimitrova

      Hi there,

      It seems that you’ve been infected by а version of GancCrab. Can you give us more details about your infection, such as ransom note, to tell you if a decrypter is available.

      Reply
  74. Pool

    My files are crypted by .kroput,anybody knows the solution?

    Reply
    1. Milena Dimitrova

      Hi Pool,

      Unfortunately, no decryption tool is available at the moment. We will update our article (https://sensorstechforum.com/remove-kroput-ransomware/) if a decrypter is released.

      Reply
      1. Pool

        Thanks Milena,but i did manage to decrypt 202 files from 4000+ with STOPDecryptor if that helps :)

        Reply
  75. Pool

    Stellar Phoenix Photo Recovery will recover any photo or video,it doesn’t matter what virus ti is,that helped me,cheers

    Reply
  76. Majo

    Hola como estas. He notado la gran cantidad de virus ransomware. Hace casi un mes que estoy buscando solucion-. Mi pc fue atacada por el GandCrab v.5.2, bien nuevito…. Si uno compra el SpyHunter, recupera los archivos encriptados? o solo elimina el virus? Otra cosa, como hay tantas fallas de seguridad, mi bandeja de entrada de email llena de Spam. (yahoo y fibertel, no asi gmail hasta ahora)Muchas gracias.

    Reply
  77. LOURDES

    como restaurar archivos cifrados por ransomware

    Reply
  78. imi737

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .HXCNTD

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    —————————————————————————————-

    | 0. Download Tor browser – https://www.torproject.org/

    | 1. Install Tor browser
    | 2. Open Tor Browser
    | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5b768db9b0f8d3d0
    | 4. Follow the instructions on this page

    —————————————————————————————-

    On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

    ATTENTION!

    IN ORDER TO PREVENT DATA DAMAGE:

    * DO NOT MODIFY ENCRYPTED FILES
    * DO NOT CHANGE DATA BELOW

    —BEGIN GANDCRAB KEY—
    lAQAALG5rR06FGgc3Z3vHwAexWFvWe6pXKGNmTrUK3/IVnbXC4qekGu5jJZRWr1ycEWWR5+CS8XOrzOzYlWAAgG5fh9i8rcW/NGDy4yCmMzwweh1BadN1ey3T5/DDGcmTPE6y6YMQDEzBqKRrgbUMp3wkFZi8QH67l8laDuZQZtuqE/JCuhGA3knB6B2qkbkYo28Yz6c8cEGjLpN6QYf8MH70IIheuPxthDbuGDLGad9gsng4VujjJ4bPNcJoa+ppIRpiumz8Mkjuxec3nZ81aJE3q9AAfOrmeQvNtW7pvq983CkrfmFf1+9tttOn5xYJYXjfZu2CA+UnbJC3WAwYGMRAkjpqeQFSr2ShlUcgeihKOFFgFugdrHT0nbaxUbDVVgAfC46ScDU8Ro5g4EmPnDS1tS2IUr1RKQBOJxkNyWsbH/CcGt1zmsEfAZP6GHk+8qFVV/O4swwlRIkDGeWk676XQuIGOacH3LzmcT3eei9a5pKEFd0dNeA96JVv6OsK9UHiytpE9SyWohLP+dIfBm5MQi9jJ2yE7i1Rt9nD4D8cdQeKji67n9KZXpjJZliVoRsatamTWkK/+tGgfK+vZY4ob3d6BWl8XWtEvTTLwumWcd2AQcjzJQed2znUdIbjyPCZSe+bW/RCcKuX58TluN2CgOLVWHr/WpjfhEQiIBkk/bXQJsGLTQ3KcM1ZiRRUDutf7UtUkKWNM5OCY9weSYG3qVaCzk9YKVP5FRWbB+AijXkINuN/5alRNfnQ8z+cGEsMB8ss6nbdh6m6l9vEUTkIsbmfEco3sn4rCk+UrxIuAXXKCynPD8q08mHPYjCDCscMTlQ+3cS1tnWpMgC7I8QCQkkX6P6aGzZnLeS2zJ6ewzPlRxwm4e8Uez8RUrQpHT82geycigfblQWe1HnuKnQXeRY1712dt2sgtaoqBvy2xGI8zDnc/gXnvKATm+bdYLoMfYL587IZrTJEw1btpB6Dfr+q0UxPmIWdNIPGsLCSzFZFT1HZI5C8l2dgGJXH6k+LlYl3YalD010WeezH9WMb9yokNHmvzVoD5rDru9M9yNoh/AdzS5Y261c94COD2tGN74Yv+W+AhVI0TTDyA9h4XH0hdQSZbbA9WCGi8Ef/wUn5fbddEK0uOP75X3PZtOCvhdFRSd+7iKFG/6iqvVYnDtT7bsdD0Go3H4Fku3LtBJXmqCuyUsmYqW7rc7gNUvjpRYbFjk/ht19hsblmcytqhODto9X2DHJCpKwoZOOeyuTt/N7UT2It58LohD7OPuRaVXTt4r+tmBopQloYuNpwumKOEj3I0UIT9J5zUlYWdHaw9oQU6HbIGhQRZELsLjMjKZTHpT7MN2jhDVIWwLShEutYCbUSjT757t0ebSLXESrUVrWKuCvtRyFd9LGZDJ+x25R7oeMooFVKysdM4J4WTTYkEhvUCucrP8HrEgnd/7SAPn2MuI7lXbYvOMH6CNYyOvCaNBlCQSX6jlbRdrDRVk6srSd+L4edc8vB7+uVGO+Pt1GY6YV8rrot6JQS2NS9ht3tHui3nk6Uu8+aztnJE6CdRXXXs7PctftNZneRIaZJghTuYDWHgBqoXcJ9tBjt07lEElJRgmRAV7WGgOj9psIysujQpNJUVL9olbR6eikNuulxTgtQK2vLD5LuNv6G9AyB3A/Qdh1E5pGG0dy9gZ6JMtfXJOcR7ud0N3eDCxOoXGkKpi0ocxQ2TRkChvIMxyHwsvQWuKyioVqPn1yovk5LZmwXYiWCsdItGhN9rwvoBR1QPqgn3n/MTv8E1P8Lw24amHWNUBKZTfbVRYwpxY4gHBHcKBxWJL7Zb6vcTRFPBvXNwWyrV3Z68GHMTt351fRG2y5yXGNuHYctNa61IJc/QEiDYlbE9NorWcWaEQO0hRixsYhPDSM1quHTeIsR04tMWnmjXV4UMjYJmNETuS5HKp9semkleUSaMhsB4ThCZaafqe2Jjj+22oQP3OhpVUVK+QOniuFFp5DJG3p6XT8i2Ouxm8lpp7KvVboVO8ZpyrpHGTJt00WvSTjeFgc4jZj3yMy/TP76BeRNdx97bn0KNOsLMV7uK+ounggIdx3+eznL/7Tyuc2sr7cG7F08TwG3LtsaSA83KJ2An7SrKqBw8T+elO7XwKGqtsBsEnM3vnEklN+8qVdlJoTRl/x4JRU6mtlIeUJcyXV1R4ZE+vWI22V8C2GMyasSFKgktc3u8IRllAglXdYokZJEQTTeNQyGjE=
    —END GANDCRAB KEY—

    —BEGIN PC DATA—
    7ftDEgLb/ZS0lcmZbHM61LvJzQOaD5cK2A6MbtAgbXYAWLQC95+cYAdxMWD/9MbJPZC3AvSVpuCmRVvIb3Q4Qz+a8bP6zo4STehtaoWXs6bpGMopS0ugInags8QTqn3soEgwXUJiM8FeiUr/tVKOWpBHJSOrMqL70iY+O9M3k2aL0KcRQ/oDEurBgtkSstyHBvUdIJN0TYNZA3s0F67PDOtF+yPcB5smbLF7Z+3MGN3xgF72rZ3ZUwt7wdxWWO4yn4Wp5y5HC3KrMJiBlVDzeiqo9FrdnMKZ719GSVfO+TAimLr7s4CuGAspCajqRTwVfPf20xBSUiDItL+JL9AKBiJqpsZqR7K3OLGemdSR2keIP43y//MxLLTjT6O6r1xW4eZxTzPJ1fbDL0900Pf6S0az7KAroTHFqZ2NPDKx6yhBud7oMVoK6ieVzOm2qBlvYbwCrtoyoy8A1fmlVjmS7q94BOw8gSWwQ0zSb+QfwNw4LR2j3Li9wF7i8DPfKPyghI2WWKL+6QkQvCyii4FeEv9EqiMxANjhx9QXIE31U0GeyeGMa50B1gs//OQPexoE0nTuCpvrA9c9PD6VRsopLqob8QmecC6V+7DIEcqsE7TRnIeaZEIlb4A05VHMc2nS0KJeDErFmIGkqFpw2EbRxIzGl3VEm8DKGvMCEuydIpiQzgJfQrpB71s2/1/ZdDB8r5KiQFhjqF1/yoXwoFyOuqdBYA56yRhuMMZxGB5sV+B3uzvqG6fuaplMs3UQDWsYCcS6Le3Uxn/maKAeNd3QiFB7RdqsfCI9+d2XxPVJsuoXhfB2B0kLztEkOcK3e/qYaj0JwNTW5DnfJK2n5OfHK1Pv1icGnIlS
    —END PC DATA—

    Reply
  79. Gustavo

    hola mis archivos estan cifrados por una extension.CHARCK, me pueden ayudar a resolver mi problema?

    Reply
  80. uncut

    Hello

    My computer also infected by ransomeware and most of the files extensions are renamed as .doples, are there any ways to decrypt them? Million thanks.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...