Today Emsisoft has released two new ransomware decryptors for the Xorist family and the 777 Ransomware infections. The Xorist ransomware has been around for a while, but Fabian Wosar was manually helping victims on a case-by-case basis. The ransomware family behind the 777 ransomware has also been around for a while, but a sample was discovered recently and thus a decryptor could be made.
More details on the two decryptors can be found below.
The Xorist ransomware encrypts your files appends various extensions such as *.EnCiPhErEd, *.0JELvV, *.p5tkjw, *.6FKR8d, *.UslJ6m, *.n1wLp0, *.5vypSa and *.YNhlv1 to the encrypted files. As this family uses a fairly easy to use ransomware builder, pretty much any extension can be used by a distributor.
In order to use this decryptor, you will need to drag a pair of the same files, one encrypted and one not encrypted, onto the decryptor. It will then perform a brute force of the decryption key that can be used to decrypt the victim's files.
This brute force process should typically take a maximum of 2-3 hours.
The 777 ransomware appears to have been around since September 2015,but a sample was discovered recently. This ransomware will encrypt files and append the .777 extension to them. Fabian Wosar was also able to create a decryptor for files encrypted by this ransomware.
To use the decryptor, simply download the program below and perform a scan. The decryptor will automatically decrypt any files that end with the .777 extension.
A support topic for this ransomware can be found here: .777 Ransomware Help & Support Topic(.777 Extension).