Today Emsisoft has released two new ransomware decryptors for the Xorist family and the 777 Ransomware infections. The Xorist ransomware has been around for a while, but Fabian Wosar was manually helping victims on a case-by-case basis. The 777 ransomware has also been around for a while, but a sample was only discovered recently, which made it possible to create a decryptor.

More details on the two decryptors can be found below.

Decryptor for the Xorist Ransomware Family

The Xorist ransomware encrypts your files and appends various extensions such as *.EnCiPhErEd, *.0JELvV, *.p5tkjw, *.6FKR8d, *.UslJ6m, *.n1wLp0, *.5vypSa and *.YNhlv1 to the encrypted files. As this family uses a fairly easy-to-use ransomware builder, pretty much any extension can be used by a distributor.

In order to use this decryptor, you will need to drag a pair of files, one encrypted file and the unencrypted version of the same file, onto the decryptor. It will then perform a brute force of the decryption key, which can then be used to decrypt the victim's files.

Brute Force of Xorist Key

This brute force process should typically take a maximum of 2-3 hours.
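The sketch below is an added illustration, not Emsisoft's code and not Xorist's actual cipher, of why the decryptor asks for a matching encrypted/unencrypted pair: the pair lets every candidate key be tested and then confirmed. The toy stream cipher, the 16-bit key space, the sample data and all names are assumptions made for the example.

```python
import hashlib

KEY_BITS = 16   # assumption: toy key space small enough to search in about a second
MIN_PAIR = 8    # shorter pairs could match several keys by chance

def keystream(key: int, n: int) -> bytes:
    """Toy keystream (assumption): SHA-256 over key || block counter."""
    out = bytearray()
    block = 0
    while len(out) < n:
        out += hashlib.sha256(key.to_bytes(2, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:n])

def toy_crypt(key: int, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def recover_key(plain: bytes, cipher: bytes):
    """Search the key space, using the known pair to test each candidate key."""
    if len(plain) != len(cipher):
        raise ValueError("pair must be the same file, before and after encryption")
    if len(plain) < MIN_PAIR:
        raise ValueError("pair too short to identify a single key")
    probe = min(len(plain), 32)               # cheap first check: one hash block
    for key in range(1 << KEY_BITS):
        if toy_crypt(key, cipher[:probe]) != plain[:probe]:
            continue
        if toy_crypt(key, cipher) == plain:   # confirm on the whole pair
            return key
    return None                               # pair does not match any key

# Constructed sample data: one known pair plus a second file with no backup.
SECRET_KEY = 0xBEEF
known_plain = b"%PDF-1.4 constructed sample document kept in a backup\n" * 3
known_cipher = toy_crypt(SECRET_KEY, known_plain)
other_cipher = toy_crypt(SECRET_KEY, b"quarterly figures, no backup copy exists")

if __name__ == "__main__":
    key = recover_key(known_plain, known_cipher)
    print("recovered key:", hex(key))
    print(toy_crypt(key, other_cipher).decode())
```

A pair that is not really the same file yields no key at all, which is why the unencrypted copy has to be the exact original (for example from a backup or an e-mail attachment).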

decrypt_xorist.exe

We have an article on Xorist here and the main download page for this tool can be found on Emsisoft's site.

Decryptor for the 777 Ransomware

The 777 ransomware appears to have been around since September 2015, but a sample was discovered recently. This ransomware will encrypt files and append the .777 extension to them. Fabian Wosar was also able to create a decryptor for files encrypted by this ransomware.

To use the decryptor, simply download the program below and perform a scan. The decryptor will automatically decrypt any files that end with the .777 extension.

decrypt_777.exe

A support topic for this ransomware can be found here: .