Ransomware Decryption Tools Collection

BoraMurdar

Super Moderator
MalwareTips Staff
Verified
Joined
Aug 30, 2012
Messages
6,059
OS
Windows 10
Antivirus
Emsisoft
#1
Point of this thread is posting every ransomware decryption tool you can find online. Of course from a trusted source.
rsa_encrypt_decrypt.png

Requirements
Code:
Product Name :
What ransomware the tool is made for :
Version Number (if possible) :
Screenshot of the program (if available) :
Download link (from developer site if possible) :

Please do not post anti-ransomware tools and software that protects users from these malwares. Post tools that are made to decrypt already encrypted files on the victim's computer. Also, check if the tool is already posted, don't duplicate.

Let us help people in trouble! Stop the ransom! :cool:
 

BoraMurdar

Super Moderator
MalwareTips Staff
Verified
Joined
Aug 30, 2012
Messages
6,059
OS
Windows 10
Antivirus
Emsisoft
#2
Product Name : JigSawDecrypter
What ransomware the tool is made for : JigSaw ransomware, a nasty variant that does actually delete your files hourly.
Version Number (if possible) : N/A
Screenshot of the program (if available) :

Download link (from developer site if possible) : https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip
 

Captain Awesome

Level 21
MH Trial
Verified
Joined
May 7, 2016
Messages
1,020
OS
Windows 10
Antivirus
Avast
#3
Product Name :HydraCrypt and UmbreCrypt decrypter
What ransomware the tool is made for :HydraCrypt and UmbreCrypt both families are closely related to the CrypBoss ransomware family
Version Number (if possible) :N/A
Screenshot of the program (if available) :
Download link (from developer site if possible) :http://emsi.at/DecryptHydraCrypt
 
Last edited:

Captain Awesome

Level 21
MH Trial
Verified
Joined
May 7, 2016
Messages
1,020
OS
Windows 10
Antivirus
Avast
#4
Product Name :RakhniDecryptor
What ransomware the tool is made for :to unlock files with the .locked and .kraken extensions. These files are encrypted by Rakhni Ransomware.
Version Number (if possible) :V.1.15.1.0
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) :Utilities
 

Duotone

Level 9
Verified
Joined
Mar 17, 2016
Messages
447
OS
Windows 7
Antivirus
Default-Deny
#7
Product Name : Emsisoft Decrypter
What ransomware the tool is made for :
  • Nemucod
  • DMALocker2
  • HydraCrypt
  • DMALocker
  • CrypBoss
  • Gomasom
  • LeChiffre
  • Decrypter for KeyBTC
  • Radamant
  • CryptInfinite
  • PClock
  • CryptoDefense
  • Harasom.
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) : Download a free Emsisoft Decrypter for the latest file encryption ransomware
 

marzametal

Level 7
Verified
Joined
Jun 10, 2014
Messages
317
OS
Windows 7
#9
My apologies for the amateur question, but this is the first time that my thoughts have entertained Ransomware.

Is there any documentation out there that highlights how Ransomware works? For example, once executed, does it create a list of files on your system and then encrypts... or does it see a sector, encrypts it, and then repeats process? What processes does it use (cmd, conhost, rundll32, dllhost etc...)?

What I hope to figure out is... if I, the user, am barred from modifying, copying, deleting, renaming a file on C:\Windows, Program Files x86 and x64, and it's subfolders because of "hardened settings (that can be undone by 4 clicks of a mouse)", then would an encrypter like a Ransomware be able to perform any mods? My tweaks are my own, and trying a "test" in a VM would defeat the purpose.

I will spend some time on reading up on this soon... just thought I'd throw the question out there. Thanks for reading and any advice/feedback provided!