Ransomware Decryptor Tools Available So Far in 2017!

According to various reports, Ransomware attacks hiked to 167% in 2016 and it’s even expected to increase this year. In the last quarter of 2016, it was observed that many health organizations and government offices were targeted by Ransomware attackers. Cerber & Locky were the most popular ones spread by Ransomware-as-a-service through the Dark Web.

Recently, it was observed that Ransomware attacks were made not only on PC users but it is now a threat to Android & Mac users as well. If you are one of the victims of Ransomware attacks, you would be happy to know that we have got some decryptor tools for you!

All the Ransomware decryptor tools available on our blog are tested by the experts at TrendMirco, AVG, Emnisoft, Avast, Kaspersky & Check Point and they are working fine. Though, the list doesn’t contain decryptors for all Ransomwares, it has 70% of the tools that might be helpful to you.

By using these Ransomware decryptor tools, you can easily remove Ransomware from the infected systems without paying any ransom to the attackers. Besides that, there are 90% chances that your data will be recovered (As per many experts).

DISCLAIMER: It is highly recommended that you isolate the infected machine from network or any other device. We can not be held responsible if anything happens to your data while using the decryption tool. Please refer each company’s disclaimer and instruction before performing the ransomware decryption using decryptors given below.

Ransomware Decryptor Tools/ Decrypt

Our research team has put together a massive list of all available ransomware decryptor tools for our reader’s convenience. Make sure you go through the how to guide of ransomware before you proceed with decryption.

Ransomware Decryptor Tools

Note: At the end of the ransomware decryptor tools table, there is a list of recommended resources given by us. It is recommended that you go through them as well. In a near future, we shall also host all possible “how to” guides for you.

Ransomware Solution
available?
Tool Ransomware signs
Apocalypse, ApocalypseVM Yes AVG Decryption Tool, Emsisoft Decryptor  Adds .encrypted, .FuckYourData, .locked, .Encryptedfile, or .SecureCrypted extension at the end of the filename
BadBlock Yes AVG Decryption Tool, Trend Micro Decryptor, Emsisoft Decryptor  It does not renames your file. Just displays the message
Bart Yes AVG Decryption Tool

Bitdefender Decryption Tool

 Adds .bart.zip extension at the end of the filename
Rakhni Yes Kaspersky Tool  Removes rakhni, dharma, Crysis,Chimera, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Lortok, Cryptokluchen, Democry,Bitman (TeslaCrypt) version 3 and 4.
Crypt888  or Mircop Yes AVG Decryption Tool, Trend Micro Decryptor  Adds Lock. at the beginning of the filename
Legion Yes AVG Decryption Tool  Adds a variant of ._23-06-2016-20-27-23_$f_tactics@aol.com$.legion or .$centurion_legion@aol.com$.cbf to the end of filename
SZFLocker Yes AVG Decryption Tool  Adds .szf to the end of filename
MRCR or Merry X-Mas Yes Emsisoft Decryptor  Adds .PEGS1, .MRCR1, .RARE1, .MERRY, or .RMCM1 extension to the end of the filename
Marlboro Yes Emsisoft Decryptor  Add .oops extension to the end of the filename
Globe3, Globe 2, Globe Yes Emsisoft Decryptor  Adds .decrypt2017, .hnumkhotep, .raid10, .blt, .globe, .encrypted, .[mia.kokers@aol.com], .purge, .globe and .okean-1955@india.com.!dsvgdfvdDVGR3SsdvfEF75sddf#xbkNY45fg6}P{cg.xtbl extension to the  end of the filename
OpenToYou Yes Emsisoft Decryptor  Adds .-opentoyou@india.com extension
GlobeImposter Yes Emsisoft Decryptor  Adds .crypt extension
NMoreira Yes Emsisoft Decryptor  Adds .maktub or .__AiraCropEncrypted! Extension
OzozaLocker Yes Emsisoft Decryptor  Adds .locked extension
Al-Namrood Yes Emsisoft Decryptor   Adds .unavailable or .disappeared extension
FenixLocker Yes Emsisoft Decryptor  Adds .centrumfr@india.com!! extension
Fabiansomware Yes Emsisoft Decryptor  Adds .encrypted extension
Philadelphia Yes Emsisoft Decryptor  Adds .locked extension
Stampado Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .locked extension
Xorist

 

Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .EnCiPhErEd, .0JELvV, .p5tkjw, .6FKR8d, .UslJ6m, .n1wLp0, .5vypSa and .YNhlv1 extensions
777 Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .777 extension
AutoLocky

 

Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .locky extension
Nemucod

 

Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .crypted extension
DMALocker2, DMALocker

 

Yes Emsisoft Decryptor  It does not rename your file
HydraCrypt

 

Yes Emsisoft Decryptor  Adds *hydracrypt* or *.umbrecrypt* at the end and/or beginning
CrypBoss

 

Yes Emsisoft Decryptor  Adds .crypt or .R16M01D05 extensions
Gomasom

 

Yes Emsisoft Decryptor  Adds .crypt extension
LeChiffre

 

Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .LeChiffre extension
KeyBTC

 

Yes Emsisoft Decryptor  It does not rename your file
Radamant

 

Yes Emsisoft Decryptor  Adds .rdm or .rrk extensions
CryptInfinite

 

Yes Emsisoft Decryptor  Adds .CRINF extension
PClock

 

Yes Emsisoft Decryptor  It does not rename your file
CryptoDefense

 

Yes Emsisoft Decryptor  It does not rename your file
Harasom

 

Yes Emsisoft Decryptor  Files are converted to .html with ransomware notes
CryptXXX (v 1, 2, 3, 4, 5) Yes Trend Micro Decryptor, Kaspersky Tool  Adds crypt, cryp1, crypz, or 5 hexadecimal characters extensions
Rannoh, Marsjoke aka Polyglot Yes Kaspersky Tool  Adds  locked-<original_name>.<four_random_letters> extension

Example: locked-filename.RZWD

AutoIt Yes Kaspersky Tool  Adds <original_name>@<mail server>_.<random_set_of_characters> extension.
Example: ioblomov@india.com_.RZWDTDIC.T
Fury, Crybola, Cryakl Yes Kaspersky Tool  Adds CRYPTENDBLACKDC tag is added at the end of the file name
Popcorn Time ransomware Yes Elevenpaths  Adds .filock extension
Derialock Yes Check Point  It locks your entire system or used .deria extension
PHP ransomware Yes Check Point  Locks down server and CMS
Wildfire Yes Kaspersky Tool, Intel Security  Adds .wflx extension
Chimera Yes Kaspersky Tool, Trend Micro Decryptor  Adds .crypt extension
TeslaCrypt (v 1, 2, 3, 4) Yes Trend Micro Decryptor, Kaspersky Tool, Intel Security, AVG Decryption Tool  Adds .ECC, .VVV, CCC, ZZZ, AAA, ABC, XYZ, .XXX, TTT, MP3 or MICRO extensions. TeslaCrypt v4 does not change the filename
Shade Yes Kaspersky Tool, Intel Security  Adds .xtbl, .ytbl, .breaking_bad, .heisenberg. extensions
CoinVault Yes Kaspersky Tool  Adds .cvlst extension
Jigsaw Yes Check Point, Trend Micro Decryptor  Adds .random extension
Crysis Yes Trend Micro Decryptor  Adds .xtbl, crypt extensions
SNSLocker Yes Trend Micro Decryptor  Adds .RSNSLocked extension
XORBAT Yes Trend Micro Decryptor  Adds .crypted extension
CERBER V1 Yes Trend Micro Decryptor  Adds 10 random characters.cerber
CERBER (v 2, 3, 4) No  Adds random characters.ceber2, .cerber3, .cerber4 etc
DXXD Yes Trend Micro Decryptor  Adds dxxd extension to the original extension
DemoTool Yes Trend Micro Decryptor  Adds .demoadc extension

 

So these are some Ransomware decryptor tools that are actually working. Don’t fall in trap by downloading the tools from unofficial sources. All the above mentioned Ransomware decryptor tools are developed by experts at respective security firms.

Ransomware FAQ

What is a Ransomware?
Why am I the only victim?
How to prevent ransomware from spreading?
Types of Ransomware
Should I pay ransom?
Is there any guarantee that I will not be ransomed again?
Is there any solution available for XYZ ransomware
What are the chances of getting back my files after paying ransom?
What are the chances of getting back my files after using ransom decryptor?
What are the recommended websites to know more about ransomware?
Should I lodge the police complaint?
What is a Bitcoin?
How do I get Bitcoin?
Is it possible to know where my money is sent using Bitcoin wallet?

Infographics

ransomware infographics
Embed the code on your website for quick display