Ransomware Decryption Tools Collection

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Point of this thread is posting every ransomware decryption tool you can find online. Of course from a trusted source.
rsa_encrypt_decrypt.png

Requirements
Code:
Product Name :
What ransomware the tool is made for :
Version Number (if possible) :
Screenshot of the program (if available) :
Download link (from developer site if possible) :

Please do not post anti-ransomware tools and software that protects users from these malwares. Post tools that are made to decrypt already encrypted files on the victim's computer. Also, check if the tool is already posted, don't duplicate.

Let us help people in trouble! Stop the ransom! :cool:
 

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Product Name : JigSawDecrypter
What ransomware the tool is made for : JigSaw ransomware, a nasty variant that does actually delete your files hourly.
Version Number (if possible) : N/A
Screenshot of the program (if available) :
jigsaw-decrypter.png

Download link (from developer site if possible) : https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip
 

Captain Awesome

Level 23
Verified
Top Poster
Well-known
May 7, 2016
1,284
Product Name :HydraCrypt and UmbreCrypt decrypter
What ransomware the tool is made for :HydraCrypt and UmbreCrypt both families are closely related to the CrypBoss ransomware family
Version Number (if possible) :N/A
Screenshot of the program (if available) :
decrypter_howto_dragdrop.gif
Download link (from developer site if possible) :http://emsi.at/DecryptHydraCrypt
 
Last edited:

Captain Awesome

Level 23
Verified
Top Poster
Well-known
May 7, 2016
1,284
Product Name :RakhniDecryptor
What ransomware the tool is made for :to unlock files with the .locked and .kraken extensions. These files are encrypted by Rakhni Ransomware.
Version Number (if possible) :V.1.15.1.0
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) :Utilities
 

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
456
Product Name : Emsisoft Decrypter
What ransomware the tool is made for :
  • Nemucod
  • DMALocker2
  • HydraCrypt
  • DMALocker
  • CrypBoss
  • Gomasom
  • LeChiffre
  • Decrypter for KeyBTC
  • Radamant
  • CryptInfinite
  • PClock
  • CryptoDefense
  • Harasom.
Screenshot of the program (if available) :N/A
Download link (from developer site if possible) : Download a free Emsisoft Decrypter for the latest file encryption ransomware
 

marzametal

Level 7
Verified
Jun 10, 2014
316
My apologies for the amateur question, but this is the first time that my thoughts have entertained Ransomware.

Is there any documentation out there that highlights how Ransomware works? For example, once executed, does it create a list of files on your system and then encrypts... or does it see a sector, encrypts it, and then repeats process? What processes does it use (cmd, conhost, rundll32, dllhost etc...)?

What I hope to figure out is... if I, the user, am barred from modifying, copying, deleting, renaming a file on C:\Windows, Program Files x86 and x64, and it's subfolders because of "hardened settings (that can be undone by 4 clicks of a mouse)", then would an encrypter like a Ransomware be able to perform any mods? My tweaks are my own, and trying a "test" in a VM would defeat the purpose.

I will spend some time on reading up on this soon... just thought I'd throw the question out there. Thanks for reading and any advice/feedback provided!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top