Ransomware Decryption Tools Collection

[BoraMurdar]

Point of this thread is posting every ransomware decryption tool you can find online. Of course from a trusted source.

Requirements
​

Product Name :
What ransomware the tool is made for :
Version Number (if possible) :
Screenshot of the program (if available) :
Download link (from developer site if possible) :

Please do not post anti-ransomware tools and software that protects users from these malwares. Post tools that are made to decrypt already encrypted files on the victim's computer. Also, check if the tool is already posted, don't duplicate.

Let us help people in trouble! Stop the ransom! ​

 

[BoraMurdar]

Product Name : JigSawDecrypter
What ransomware the tool is made for : JigSaw ransomware, a nasty variant that does actually delete your files hourly.
Version Number (if possible) : N/A
Screenshot of the program (if available) :

Download link (from developer site if possible) : https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip

 

[Captain Awesome]

Product Name :HydraCrypt and UmbreCrypt decrypter
What ransomware the tool is made for :HydraCrypt and UmbreCrypt both families are closely related to the CrypBoss ransomware family
Version Number (if possible) :N/A
Screenshot of the program (if available) :

Spoiler: Screenshot

Download link (from developer site if possible) :http://emsi.at/DecryptHydraCrypt

 

[Captain Awesome]

Product Name :RakhniDecryptor
What ransomware the tool is made for :to unlock files with the .locked and .kraken extensions. These files are encrypted by Rakhni Ransomware.
Version Number (if possible) :V.1.15.1.0
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) :Utilities

 

[Captain Awesome]

Product Name :CryptXXX decryption tool
What ransomware the tool is made for :CryptXXX Ransomware (.crypt extension)
Version Number (if possible) :N/A
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) :CryptXXX decryption tool

 

[Morvotron]

Product Name : TeslaCrypt Decryption Tool
What ransomware the tool is made for :TeslaCrypt Ransomware
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) : TeslaCypt Decryption Tool

 

[Duotone]

Product Name : Emsisoft Decrypter
What ransomware the tool is made for :

• Nemucod
• DMALocker2
• HydraCrypt
• DMALocker
• CrypBoss
• Gomasom
• LeChiffre
• Decrypter for KeyBTC
• Radamant
• CryptInfinite
• PClock
• CryptoDefense
• Harasom.

Screenshot of the program (if available) :N/A
Download link (from developer site if possible) : Download a free Emsisoft Decrypter for the latest file encryption ransomware

 

[frogboy]

Might have to make some adjustments to the list. CryptXXX Updated to Outwit Decryptor Tool

 

[marzametal]

My apologies for the amateur question, but this is the first time that my thoughts have entertained Ransomware.

Is there any documentation out there that highlights how Ransomware works? For example, once executed, does it create a list of files on your system and then encrypts... or does it see a sector, encrypts it, and then repeats process? What processes does it use (cmd, conhost, rundll32, dllhost etc...)?

What I hope to figure out is... if I, the user, am barred from modifying, copying, deleting, renaming a file on C:\Windows, Program Files x86 and x64, and it's subfolders because of "hardened settings (that can be undone by 4 clicks of a mouse)", then would an encrypter like a Ransomware be able to perform any mods? My tweaks are my own, and trying a "test" in a VM would defeat the purpose.

I will spend some time on reading up on this soon... just thought I'd throw the question out there. Thanks for reading and any advice/feedback provided!

 

[BoraMurdar]

Product Name : ESET TeslaCrypt Decryptor
What ransomware the tool is made for : TeslaCrypt
Version Number (if possible) : 1.1.0.1
Screenshot of the program (if available) :

Download link (from developer site if possible) : http://download.eset.com/special/ESETTeslaCryptDecryptor.exe