Ransomware Decryptor Tools in 2019: Remove Ransomware & Say NO to Ransom!

According to various reports, Ransomware attacks hiked to 167% in 2016 and it’s even expected to increase this year. In the last quarter of 2016, it was observed that many health organizations and government offices were targeted by Ransomware attackers. Cerber & Locky were the most popular ones spread by Ransomware-as-a-service through the Dark Web. Perhaps, this has arouse the need of good ransomware decryptor tools to thwart such attacks. Our experts have researched and collected all the ransomware decryptor tools available so far. The list will be updated at a regular interval.

Recently, it was observed that Ransomware attacks were made not only on PC users but it is now a threat to Android & Mac users as well. Cerber 6 is the latest version of Cerber which was observed first in late March. If you are one of the victims of Ransomware attacks, you would be happy to know that we have got some decryptor tools for you!

All the Ransomware decryptor tools available on our blog are tested by the experts at TrendMirco, AVG, Emnisoft, Avast, Kaspersky & Check Point and they are working fine. Though, the list doesn’t contain decryptors for all Ransomwares, it has 70% of the tools that might be helpful to you.

By using these Ransomware decryptor tools, you can easily remove Ransomware from the infected systems without paying any ransom to the attackers. Besides that, there are 90% chances that your data will be recovered (As per many experts).

DISCLAIMER: It is highly recommended that you isolate the infected machine from the network or any other device. We can not be held responsible if anything happens to your data while using the decryption tool. Please refer each company’s disclaimer and instruction before performing the ransomware decryption using decryptors given below.

Ransomware Decryptor Tools/ Decrypter

Our research team has put together a massive list of all available ransomware decryptor tools for our reader’s convenience. Make sure you go through the how-to remove ransomware guide before you proceed with decryption.

Ransomware Decryptor Tools

Note: At the end of the ransomware decryptor tools table, there is a list of recommended resources given by us. It is recommended that you go through them as well. In a near future, we shall also host all possible “how to” guides for you.

Ransomware Solution
Tool Ransomware signs
Apocalypse, ApocalypseVM Yes AVG Decryption Tool, Emsisoft Decryptor  Adds .encrypted, .FuckYourData, .locked, .Encryptedfile, or .SecureCrypted extension at the end of the filename
BadBlock Yes AVG Decryption Tool, Trend Micro Decryptor, Emsisoft Decryptor  It does not renames your file. Just displays the message
Bart Yes AVG Decryption Tool

Bitdefender Decryption Tool

 Adds .bart.zip extension at the end of the filename
Rakhni Yes Kaspersky Tool  Removes rakhni, dharma, Crysis,Chimera, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Lortok, Cryptokluchen, Democry,Bitman (TeslaCrypt) version 3 and 4.
Crypt888  or Mircop Yes AVG Decryption Tool, Trend Micro Decryptor  Adds Lock. at the beginning of the filename
Legion Yes AVG Decryption Tool  Adds a variant of ._23-06-2016-20-27-23_$f_tactics@aol.com$.legion or .$centurion_legion@aol.com$.cbf to the end of filename
SZFLocker Yes AVG Decryption Tool  Adds .szf to the end of filename
MRCR or Merry X-Mas Yes Emsisoft Decryptor  Adds .PEGS1, .MRCR1, .RARE1, .MERRY, or .RMCM1 extension to the end of the filename
Marlboro Yes Emsisoft Decryptor  Add .oops extension to the end of the filename
Globe3, Globe 2, Globe Yes Emsisoft Decryptor  Adds .decrypt2017, .hnumkhotep, .raid10, .blt, .globe, .encrypted, .[mia.kokers@aol.com], .purge, .globe and .okean-1955@india.com.!dsvgdfvdDVGR3SsdvfEF75sddf#xbkNY45fg6}P{cg.xtbl extension to the  end of the filename
OpenToYou Yes Emsisoft Decryptor  Adds .-opentoyou@india.com extension
GlobeImposter Yes Emsisoft Decryptor  Adds .crypt extension
NMoreira Yes Emsisoft Decryptor  Adds .maktub or .__AiraCropEncrypted! Extension
OzozaLocker Yes Emsisoft Decryptor  Adds .locked extension
Al-Namrood Yes Emsisoft Decryptor   Adds .unavailable or .disappeared extension
FenixLocker Yes Emsisoft Decryptor  Adds .centrumfr@india.com!! extension
Fabiansomware Yes Emsisoft Decryptor  Adds .encrypted extension
Philadelphia Yes Emsisoft Decryptor  Adds .locked extension
Stampado Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .locked extension


Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .EnCiPhErEd, .0JELvV, .p5tkjw, .6FKR8d, .UslJ6m, .n1wLp0, .5vypSa and .YNhlv1 extensions
777 Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .777 extension


Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .locky extension


Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .crypted extension
DMALocker2, DMALocker


Yes Emsisoft Decryptor  It does not rename your file


Yes Emsisoft Decryptor  Adds *hydracrypt* or *.umbrecrypt* at the end and/or beginning


Yes Emsisoft Decryptor  Adds .crypt or .R16M01D05 extensions


Yes Emsisoft Decryptor  Adds .crypt extension


Yes Trend Micro Decryptor, Emsisoft Decryptor  Adds .LeChiffre extension


Yes Emsisoft Decryptor  It does not rename your file


Yes Emsisoft Decryptor  Adds .rdm or .rrk extensions


Yes Emsisoft Decryptor  Adds .CRINF extension


Yes Emsisoft Decryptor  It does not rename your file


Yes Emsisoft Decryptor  It does not rename your file


Yes Emsisoft Decryptor  Files are converted to .html with ransomware notes
CryptXXX (v 1, 2, 3, 4, 5) Yes Trend Micro Decryptor, Kaspersky Tool  Adds crypt, cryp1, crypz, or 5 hexadecimal characters extensions
Rannoh, Marsjoke aka Polyglot Yes Kaspersky Tool  Adds  locked-<original_name>.<four_random_letters> extension

Example: locked-filename.RZWD

AutoIt Yes Kaspersky Tool  Adds <original_name>@<mail server>_.<random_set_of_characters> extension.
Example: ioblomov@india.com_.RZWDTDIC.T
Fury, Crybola, Cryakl Yes Kaspersky Tool  Adds CRYPTENDBLACKDC tag is added at the end of the file name
Popcorn Time ransomware Yes Elevenpaths  Adds .filock extension
Derialock Yes Check Point  It locks your entire system or used .deria extension
PHP ransomware Yes Check Point  Locks down server and CMS
Wildfire Yes Kaspersky Tool, Intel Security  Adds .wflx extension
Chimera Yes Kaspersky Tool, Trend Micro Decryptor  Adds .crypt extension
TeslaCrypt (v 1, 2, 3, 4) Yes Trend Micro Decryptor, Kaspersky Tool, Intel Security, AVG Decryption Tool  Adds .ECC, .VVV, CCC, ZZZ, AAA, ABC, XYZ, .XXX, TTT, MP3 or MICRO extensions. TeslaCrypt v4 does not change the filename
Shade Yes Kaspersky Tool, Intel Security  Adds .xtbl, .ytbl, .breaking_bad, .heisenberg. extensions
CoinVault Yes Kaspersky Tool  Adds .cvlst extension
Jigsaw Yes Check Point, Trend Micro Decryptor  Adds .random extension
Crysis Yes Trend Micro Decryptor  Adds .xtbl, crypt extensions
SNSLocker Yes Trend Micro Decryptor  Adds .RSNSLocked extension
XORBAT Yes Trend Micro Decryptor  Adds .crypted extension
CERBER V1 Yes Trend Micro Decryptor  Adds 10 random characters.cerber
CERBER (v 2, 3, 4, 5, 6) No  Adds random characters.ceber2, .cerber3, .cerber4 etc
DXXD Yes Trend Micro Decryptor  Adds dxxd extension to the original extension
DemoTool Yes Trend Micro Decryptor  Adds .demoadc extension


So these are some Ransomware decryptor tools that are actually working. Don’t fall in trap by downloading the tools from unofficial sources. All the above mentioned Ransomware decryptor tools are developed by experts at respective security firms.

Ransomware FAQ

[su_spoiler title=”What is a Ransomware?” style=”fancy”] Ransomware is a type of Malicious software designed to block the access of your computer. Once your computer is blocked by Ransomware, they demand a ransom amount to get it unlocked and recover your data. [/su_spoiler]

[su_spoiler title=”Why am I the only victim?” style=”fancy”] Ransomware is spreading quickly. You’re not alone suffering from it. Government agency and many businesses including hotels are latest victim of ransomware. The growth is likely to be continued in 2018/ 2019. [/su_spoiler]

[su_spoiler title=”How to prevent ransomware from spreading?” style=”fancy”] Simple answer is to not open any spam and unsolicited email attachments. In most of the cases, it is found that the spreading has happened due to email attachments. However, there are plethora of reasons for ransomware spreading. The best precaution is to train your employee not to open word file, batch, exe and executable files without scanning. A more detailed guide on how to prevent ransomware from spreading is already covered here. [/su_spoiler]

[su_spoiler title=”Types of Ransomware” style=”fancy”] Ransomware are of many types. Some of them are CryptoLocker, Cerber, Locky, TeslaCrypt, TorrentLocker and many more!  [/su_spoiler]

[su_spoiler title=”Should I pay ransom?” style=”fancy”] No one can answer this question but you. Depending on the condition and sensitivity of your data, you should decide whether to pay ransom or not. Paying ransom is supporting the business model of these cyber criminals. The obvious advice is not to pay single dime to this cyber criminals [/su_spoiler]

[su_spoiler title=”Is there any guarantee that I will not be ransomed again?” style=”fancy”] Ransomware is created by many groups. There is no guarantee that your PC will not be infected with same or different ransomware again. [/su_spoiler]

[su_spoiler title=”Is there any solution available for XYZ ransomware” style=”fancy”] There are many Ransomwares and we have a separate section for decryptors where you can get solutions for most of the Ransomwares. Our plan is to keep this page updated with all possible solutions. However, it is recommended that you refer some of the websites mentioned in the recommended website’s FAQ section. [/su_spoiler]

[su_spoiler title=”What are the chances of getting back my files after paying ransom?” style=”fancy”] Sometime paying ransom works, but there is no guarantee that it works always. Of course, we condemn paying ransom amount as it will only encourage such cyber criminals to infect more PC. However, we do understand the sensitivity of data for some business. [/su_spoiler]

[su_spoiler title=”What are the chances of getting back my files after using ransom decryptor?” style=”fancy”] Ransom decrypt tools work. However, there is no guarantee that it will decrypt all your files. There are too many variables to consider. [/su_spoiler]

[su_spoiler title=”What are the recommended websites to know more about ransomware?” style=”fancy”] There are many good websites covering ransomware. Below is the list of all those websites

Ransomwares.net (shameless plug)

Bleeping computer

No more ransomware

Note: In case, if you want to recommend more websites, then please use the comment form or contact us form for the inclusion. This page will be updated on a regular basis.


[su_spoiler title=”Should I lodge the police complaint?” style=”fancy”] Yes, it is always a best practice to let the cyber cell know about the incident. However, you should take some precautions. Investigate about possibility of cyber cell seizing your PC for more investigation. In most of the case, data are too sensitive and hence it is often recommended that you take a proper backup. It is also advisable to speak to cyber cell and explain them the importance of data.  [/su_spoiler]

[su_spoiler title=”What is a Bitcoin?” style=”fancy”] Bitcoin is a cryptocurrency used by many people. A digital currency which became popular in last couple of years. Due to its inherent nature, Bitcoin has been used as a preferred choice of payment by the cyber criminals.  [/su_spoiler]

[su_spoiler title=”How do I get Bitcoin?” style=”fancy”] There are many websites such ascoinbase.com, BitPay, BitXatm, BitKassa, BitPos, CryptoPay and many more where you can get Bitcoins in exchange of digital currency.[/su_spoiler]

[su_spoiler title=”Is it possible to know where my money is sent using Bitcoin wallet?” style=”fancy”] No [/su_spoiler]

Infographics on Ransomware Decryptor Tools!

Embed the code on your website for quick display

ransomware infographics

So these are some working Ransomware decryptor tools by using which you can easily remove specific types of Ransomwares from your computer or laptop. Stay tuned on this page for more updates on ransomware decryptors.