Over the past few years ransomware has been on the rise, and more and more computer users are being affected by them. Once your system gets infected with ransomware, it encrypts all your data and holds it for a ransom (usually a few hundred dollars).
Ransomware is profitable for its creators and very devastating for the users. Thankfully, many researchers and security firms have created free decryption tools to decrypt the files or data encrypted by ransomware. If you are affected by ransomware, here are some free ransomware decryption tools that can help you get your data back.
A Few Things to Know
1. Before using any ransomware decryption tool, make sure that you’ve removed the infection from your system with a capable and up-to-date anti-virus or anti-malware software. Otherwise, the ransomware may encrypt all your files as soon as you decrypt them.
2. There is no universal decryption tool to decrypt the data encrypted by ransomware. So before using a ransomware decryption tool, you first need to identify the ransomware. Once identified, you can use the decryption tool specifically designed to deal with that ransomware. Generally, you can identify the ransomware by simply looking at the warning message presented by the ransomware or by the extension of an encrypted file.
3. Each ransomware decryption tool has its own instructions on how to use it. So do read the usage guide thoroughly before using the decryption tool.
1. Rakhni Decryptor
Rakhni Decryptor is designed by Kaspersky Lab to decrypt files encrypted by some of the more famous ransomware. These ransomware varients include Rakhni, Agent.iih, Aura, Crysis (version 2 and 3), Autoit, Rotor, Pletor, Lamer, Lortok, Cryptokluchen, Chimera, Democry, and TeslaCrypt (version 3 and 4). Rakhni Decryptor is also updated to decrypt files encrypted by Dharma ransomware.
Most are probably familiar with the recent WannaCry ransomware which successfully spread to more than 100 countries. WanaKiwi is based on Wanadecrypt and provides a simple way to decrypt or recover the files encrypted by WannaCry. The decryptor supports Windows XP, Windows Vista, Windows 7, Windows Server 2003 and 2008. However, the caveat is that it can only recover your files if the system has not been rebooted after the infection. If your system is rebooted or if the Wannacry process has been killed, WanaKiwi cannot recover your files.
3. Rannoh Decryptor
Rannoh Decryptor was also developed by Kaspersky Lab. Just like Rakhni Decryptor, Rannoh can decrypt files encrypted by Rannoh, CryptXXX (versions 1, 2 and 3), Fury, Cryakl, AutoIt, Polyglot aka Marsjoke, and Crybola. Kaspersky Lab has also released several other ransomware decryption tools to help you decrypt data encrypted by other ransomware. You can download them from here.
4. Emsisoft Ransomware Decryption Tools
Emsisoft released several free ransomware decryption tools to quickly decrypt files encrypted by some of the major ransomware. These ransomware variants include but are not limited to BadBlock, Apocalyse, Xorist, ApocalypseVM, Stampado, Fabiansomware, Philadelphia, Al-Namrood, FenixLocker, Globe (version 1, 2, and 3), OzozaLocker, GlobeImposter, NMoreira, CryptON, Cry128, and Amnesia (version 1 and 2). Just identify the ransomware you were infected with and download the decryptor, if available.
5. AVG Ransomware Decryption Tools
AVG also released multiple decryption tools for ransomware like Apocalypse BadBlock, Bart, Crypt888, Legion, SZFLocker, and TeslaCrypt. The good thing is the AVG download page tells you how to identify the said ransomware and helps you download the appropriate decryption tool.
6. Avast Ransomware Decryption Tools
Just like Emsisoft, Avast released several ransomware decryption tools. Using the provided tools you can decrypt data encrypted by AES_NI, BTCWare, CrySiS, HiddenTear, NoobCrypt, SZFLocker, XData, Alcatraz Locker, FindZip, etc. Just head over to the download page, identify the ransomware using the instructions and download the decryption tool.
Considering the severity of ransomware, a joint campaign called NoMoreRansom was initiated by Intel Security, Europol, Dutch National Police, and Kaspersky Lab. This coalition educates users and provides free decryption tools to recover encrypted data. As of writing this, NoRansomware website has more than 40 decryption tools supplied by different security researchers, firms, and other members of the organization. If you don’t know which ransomware attacked your system, simply upload two sample files from your PC. As soon as you upload them, the website will identify the ransomware and provide you with the required decryption tool, if available.
Do comment below about using the above sources to download ransomware decryption tools and recover encrypted data.
Image credit: Christiaan Colen