Q&A How ransomware decryption key is made?


New Member
Apr 19, 2020
Hello! I have seen that some companies/websites have provided decryption keys for some ransomware. To my knowledge, it is not possible to decrypt AES256 without a key. To generate these keys, are they using some compute engine or something...? I'm nervous and a newbie. 😦 Does anyone know how they do it?


Staff member
Apr 9, 2020
Ransomware is only undecryptable by third parties if the malware developer implemented encryption correctly.
A lot of them make mistakes, however, which enable us to retrieve keys or guess the keys in a reasonable time.

E.g., the simplest mistake is using only symmetric encryption like AES256 and nothing else. In that case the ransomware binary has to carry the AES256 key to use it for encryption. Symmetric encryption means the key that is used for encryption is also used for decryption. So we can just obtain a ransomware binary, extract the key that it used for encrypting, and use it for decrypting the files.

With ransomware that uses asymmetric cryptography (see picture below), on the other hand, we cannot use the encryption key for decryption because those are different ones.


There are also some companies that take your money to deal with ransomware cases, and use that money to pay the criminals to obtain the key from them. They act as middlemen. In some cases they will not tell you that they pay the criminals, which is highly unethical. An article about such an instance is here:

Trusted websites that identify ransomware and link to free decrypters are:
Most of the free decrypters were made by Emsisoft. Their website has an overview of them.
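
The symmetric-only mistake described in the answer above, as an added example that is not part of the original thread: if the sample carries its key, a recovery tool can try each 32-byte window of the binary and accept the one that restores a known file header. Assumptions: a SHA-256 counter-mode keystream stands in for AES256 (the Python standard library has no AES), and the sample "binary", key and victim file are constructed for the demonstration.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 in counter mode), NOT AES.
    The same key and the same call both encrypt and decrypt."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def recover_key(binary: bytes, encrypted: bytes, magic: bytes, key_len: int = 32):
    """Try every key_len-byte window of the sample as a key and accept the
    one that turns the encrypted file's first bytes into the expected magic."""
    head = encrypted[:32]  # one cipher block is enough to check the header
    for off in range(len(binary) - key_len + 1):
        candidate = binary[off:off + key_len]
        if keystream_xor(candidate, head).startswith(magic):
            return off, candidate
    return None  # key not embedded (e.g. asymmetric scheme): nothing to recover

# Constructed sample data: a fake "binary" with the key sitting among filler bytes.
EMBEDDED_KEY = hashlib.sha256(b"constructed demo key").digest()
SAMPLE_BINARY = b"MZ" + bytes(200) + b".data" + EMBEDDED_KEY + b"\x00" * 64
VICTIM_FILE = b"%PDF-1.7\nconstructed document body\n"
ENCRYPTED_FILE = keystream_xor(EMBEDDED_KEY, VICTIM_FILE)

def demo():
    """Recover the embedded key using only the sample and one encrypted file."""
    found = recover_key(SAMPLE_BINARY, ENCRYPTED_FILE, b"%PDF-")
    if found is None:
        return None
    offset, key = found
    return offset, keystream_xor(key, ENCRYPTED_FILE)

if __name__ == "__main__":
    print(demo())
```

With an asymmetric scheme the binary holds only the public key, so the same scan finds no window that decrypts the header and `recover_key` returns `None`.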