Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomware decryption tools


  • Please log in to reply
3 replies to this topic

#1 F0ZZ

F0ZZ

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 21 March 2016 - 09:37 AM

Hello!
 
I was thinking of a list of all available ransomware decryption tools. 
 
Do you think people need such a list? Will it be useful? 
 
Maybe you already have one somewhere on this forum?
 
I have found some info on several tools, sharing it here.
 
Could you please reply if any/all of these tools are still relevant and working. Are there any other tools to add to this list:
 
1) Locker Unlocker
hxxp://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-topic/page-32#entry3721545
 
2) ScraperDecryptor utility
hxxp://securelist.com/blog/research/69481/a-flawed-ransomware-encryptor/
 
3) The TeslaCrypt Decryption Tool
hxxp://blogs.cisco.com/security/talos/teslacrypt
hxxp://github.com/vrtadmin/TeslaDecrypt/tree/master/Windows
 
4) RakhniDecryptor utility
hxxp://support.kaspersky.com/us/viruses/disinfection/10556
 
5) CoinVault and Bitcryptor DECRYPTOR
hxxp://noransom.kaspersky.com/
 
6) Radamant  decryption tool
hxxp://emsi.at/DecryptRadamant
 
7) LINUX.ENCODER.1 decryption
hxxp://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/
 
8) CryptoTorLocker2015 decryption
hxxp://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-ransomware-discovered-and-easily-decrypted/
 
9) DecryptorMax or CryptInfinite recovery
hxxp://www.bleepingcomputer.com/forums/t/596691/decryptormax-or-cryptinfinite-ransomware-crinf-extension-support-topic/
 
10) TeslaCrypt decryption
hxxp://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information#decrypt
 
11) LeChiffre decryption
hxxp://www.bleepingcomputer.com/news/security/emsisoft-releases-decrypter-for-the-lechiffre-ransomware/
 
12) Gomasom .Crypt Ransomware decryption
hxxp://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/
 
13) Cryptear.B  decryption
hxxp://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html
 
14) NanoLocker decryption
hxxp://github.com/Cyberclues/nanolocker-decryptor
 
15) DMA Locker decryption
hxxp://blog.malwarebytes.org/intelligence/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/
 
16) Anti-Child Porn Spam Protection ransomware decryption
hxxp://blog.cylance.com/cracking-ransomware
 
17) KeRanger decryption
hxxp://news.drweb.com/show/?i=9877&lng=en&c=5
 
18) HydraCrypt and then UmbreCrypt decryption
hxxp://emsi.at/DecryptHydraCrypt
 
19) EDA2 ransomware decryption
hxxp://www.bleepingcomputer.com/news/security/pompous-ransomware-dev-gets-defeated-by-backdoor/

 



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:29 AM

Posted 21 March 2016 - 09:52 AM

I personally would see people using such as list as a "let me run every tool to see if it fixes my files" list, which could cause further damage to files, since each solution works for certain ransomware due to specific circumstances.

 

The biggest factor is knowing what you are dealing with, and then whether a tool is available. So far, there is a good list of the reported ransomwares themselves on the following page: http://www.bleepingcomputer.com/forums/t/171335/spyware-and-malware-removal-guides-index/?p=1307244

 

I'm currently working on a service for helping to identify ransomware, and then pointing the user to the support topic for more information (and decryption tool if available).


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 F0ZZ

F0ZZ
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 21 March 2016 - 01:32 PM

Great, thanks!



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:29 AM

Posted 21 March 2016 - 06:07 PM

I personally would see people using such as list as a "let me run every tool to see if it fixes my files" list, which could cause further damage to files, since each solution works for certain ransomware due to specific circumstances.

I agree. In fact, we have seen some victims have already tried doing just that.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users