BoraMurdar

Community Manager
Staff member
Verified
The point of this thread is to post every ransomware decryption tool you can find online. Of course, from a trusted source.

Requirements
Code:
Product Name :
What ransomware the tool is made for :
Version Number (if possible) :
Screenshot of the program (if available) :
Download link (from developer site if possible) :

Please do not post anti-ransomware tools and software that protect users from this malware. Post tools that are made to decrypt already encrypted files on the victim's computer. Also, check if the tool is already posted; don't duplicate.

Let us help people in trouble! Stop the ransom! :cool:
 

Captain Awesome

Level 21
Tester
Verified
Product Name : HydraCrypt and UmbreCrypt decrypter
What ransomware the tool is made for : HydraCrypt and UmbreCrypt; both families are closely related to the CrypBoss ransomware family
Version Number (if possible) : N/A
Screenshot of the program (if available) :
Download link (from developer site if possible) : http://emsi.at/DecryptHydraCrypt
 

Captain Awesome

Level 21
Tester
Verified
Product Name : RakhniDecryptor
What ransomware the tool is made for : To unlock files with the .locked and .kraken extensions. These files are encrypted by Rakhni Ransomware.
Version Number (if possible) : V.1.15.1.0
Screenshot of the program (if available) : N/A
Download link (from developer site if possible) : Utilities
 

marzametal

Level 7
Verified
My apologies for the amateur question, but this is the first time that my thoughts have entertained Ransomware.

Is there any documentation out there that highlights how Ransomware works? For example, once executed, does it create a list of files on your system and then encrypt... or does it see a sector, encrypt it, and then repeat the process? What processes does it use (cmd, conhost, rundll32, dllhost etc...)?

What I hope to figure out is... if I, the user, am barred from modifying, copying, deleting, renaming a file on C:\Windows, Program Files x86 and x64, and its subfolders because of "hardened settings (that can be undone by 4 clicks of a mouse)", then would an encrypter like a Ransomware be able to perform any mods? My tweaks are my own, and trying a "test" in a VM would defeat the purpose.

I will spend some time on reading up on this soon... just thought I'd throw the question out there. Thanks for reading and any advice/feedback provided!
 
