Ransomware File Decryptor Tool – Download and Usage

Ransomware File Decryptor is a tool developed by Trend Micro to recover files infected by specific types of ransomware. Please note that this tool may not work for all versions of ransomware. Some attackers are updating their ransom programs after learning that there are free tools available to recover encrypted files. Please see the list of ransomware with corresponding versions and filenames that this tool can handle.

  • 777 – (file name).777 | Example: myfile.doc will be myfile.doc.777
  • AutoLocky  – (file name).locky | Expample: myfile.jpg will be myfile.jpg.locky
  • BadBlock (file name)
  • CERBER V1 – (10 random characters).cerber | Example: myfile.jpg will be Thd8Yhns7R.cerber
  • Chimera – (file name).crypt | Example: myfile.doc will be myfile.doc.crypt
  • CryptXXX V1, V2, V3 – (file name}.crypt, .cryp1, .crypz, or 5 random characters | Example: myfile.jpg will be myfile.jpg.crypt or myfile.jpg.G5Th4s
  • CryptXXX V4, V5 – (MD5 Hash).5 random characters
  • Nemucod – (file name).crypted | Exmaple: myfile.doc will be myfile.doc.crypted
  • Stampado – (file name).locked | Example: myfile.jpg will be myfile.jpg.locked
  • SNSLocker – (file name).RSNSLocked | Example: myfile.doc will be myfile.doc.RSNSLocked
  • TeslaCrypt V1 – (file name).ECC | Example: myfile.jpg will be myfile.jpg.ECC
  • TeslaCrypt V2 – (file name).VVV, .CCC, .ZZZ, .AAA, .ABC, .XYZ | Example: myfile.doc will be myfile.doc.VVV or myfile.doc.XYZ
  • TeslaCrypt V3 – (file name).XXX, .TTT, .MP3, or .MICRO | Example:  myfile.jpg will be myfile.jpg.XXX
  • TeslaCrypt V4 – No changes on file name and extension
  • XORIST – (file name).xorist or random extension | Example: myfile.doc will be myfile.doc.xorist
  • XORBAT – (file name}.crypted | Example: myfile.jpg will be myfile.jpg.crypted

How to Download and Use Ransomware File Decryptor Tool

Disclaimer: By downloading and using this tool, you are considered to have read the publisher’s disclaimer and agreed to the terms and conditions as declared on the official web site.

1. Click on the link below to download Ransomware File Decryptor from the Trend Micro web site.
RansomwareFileDecryptor Official Site (this will open in a new window)

2. Save the file to your hard drive, desktop, or any location on your hard drive.

3. Once the download is complete, decompress the file and double-click to run.

4. If it prompts for an End User License Agreement (EULA), please Accept to proceed.

5. The tool will launch the main user interface. Click on the Select button.

RansomwareFileDecryptor

6. Under “Select Ransomware Name“, please choose Ransomware type. Then, press OK to save your choice. If you are unsure of which ransomware hits your computer, please look at the file names of infected files and refer to the list above. You may also refer to a text file, an HTML file, or documented ransom notes placed by the malware on various locations of the computer. This tool may also help you identify the type of ransomware by clicking on the “I don’t know the ransomware name” link.

Cerber Decryptor

7. On the main interface, click on the Select & Decrypt button. See the image below for reference.

Decrypt Cerber

8. Select a file or Folder that was encrypted by ransomware. This tool can either decrypt a single file or all files inside the folder and its sub-folders.

Scan Cerber

9. This ransomware file decryptor tool will start scanning the computer and immediately decrypt files. Recovery time may vary depending on the quantity of affected files and folders.

The decrypted file will retain the previously encrypted file name. For files that were not changed by ransomware, the new decrypted file name will be (filename)decrypted.extension.

Originally published on August 18, 2016 at 10:37

About the author

38 thoughts on “Ransomware File Decryptor Tool – Download and Usage”

  1. My files are encrypted with extension name .CERBER3 IS IT NEW TYPE OF CERBER RANSOMWARE BECAUSE IT IS NOT DECRYPTED WITH THIS SOFTWARE

    Tried renaming the file extension to .Cerber still no luck.

    Please assist. My no is 9654379403

  2. My files are encrypted with extension name .CERBER3. IS IT NEW TYPE OF CERBER RANSOMWARE BECAUSE IT IS NOT DECRYPTED WITH THIS SOFTWARE. PLEASE HELP ME REGARDING THIS.

  3. Please help me with my data which is encrypt with .cerber3. Give me the link of software from which I can decrypt my data urgent.

  4. Please help me with my data which is encrypt with .cerber3. Give me the link of software from which I can decrypt my data urgent.

  5. MY PROBLEM IS SAME LIKE OTHER PEOPLE.
    PLEASE HELP ME FROM .CERBER3
    WHICH SOFTWARE IS GOOD FOR CERBER3 VIRUS?
    PLEASE HELP US!!!

  6. Any decryption tool for .zepto virus? My files has been affected by Zepto virus.

  7. Please Help ! I copied this from Malwarebytes log file after removing a virus that infected my computer (the background changed and it had a green text saying it was a CERBER virus and I must pay to get files back) the file name is 10 random characters but the extension is “9c4c” please help me ID the ransomware
    ————————————————————–
    Processes: 2
    Trojan.Injector,
    Ransom.Cerber.NSIS,
    etc…

  8. Help! Not sure which Ransomware i was infected with, but it added the .30248997 extension to all of my document, picture, and most video files on my computer and every mapped network drive..

    Need to know the Name and find a Decrypter!

  9. soundrapandian

    MY PROBLEM IS SAME LIKE OTHER PEOPLE.
    PLEASE HELP ME FROM .CERBER3
    WHICH SOFTWARE IS GOOD FOR CERBER 3 VIRUS?
    PLEASE HELP US!!

  10. Muhammad Areeb

    My files are encrypted by extension .9986 , this is may be the latest Cerber Ransomware extension.
    what should I do?

  11. My files are encrypted by extension .982e Cerber Ransomware extension.
    what should I do?

  12. I am trying to pay, but their free trial is not working. They don’t want the money?

  13. My files are encrypted by *****.b1ef Cerber Ransomware.

    How can you solve this Problem?

  14. My files are encrypted by **********.9B72
    I am sure the Cerber Ransomware is at fault and need to decrypt my files. What should I do after I removed the viruses?

  15. KN33WR9Z-DMK3-KYUF-3B4A-8FEF253DDD34.zzzzz all my files in that format -.-‘ what’s the name of that variant ?

  16. My files are encrypted by the name of .bfcd file. How to solve this problem, please help me. I tried all ransomware software but there is no use.

  17. Dear All,

    My file is encrypted by CERBER ware with an extension .8593
    Please HELP.
    Mesfin/ETHIOPIA

  18. Please suggest any tool to decrypt files with extension .8b36. I can’t decrypt it. I have tried all software and tools but to no avail. Please help me.

  19. Found Riskware.IFEOHijack and files now have a crypt extension.

    Tried to decrypt on the desktop folder of the user I am signed on as and other users not signed on. No effect.

    Any advise appreciated.

  20. Please help. My files are encrypted with Cerber Ransomware in a format .97a7.
    All of my files are in this format, can you help please me?

  21. Hi everybody,

    I’ve download the Decryptor tool, I tried it and no positive results for me.
    I’ve an Cerber ransomware and my files are like this for example: abcdefghi.af88.

    I’ve never seen an (.af88) after, globally there are on (.cerber) files or other else but not like mine.
    So, nowadays there’s not exist an Decryptor for my files and rarely the others ransomware locked files.

    Since today, let’s takes our files on external hard drive or take them on cloud for more security.

    Good lucks !

  22. 09/11/17:
    BTCWare.Blocker Ransomware Infection.

    File Name Syntax: FileName.Ext.[usermsd@cock.li].blocking

    Can you help?
    Thanks.

  23. I think I’m victim of a new ransomware.
    it has added “.{BrabusDangers@india.com}XX” at the end of file.

    Can you help me?

  24. My computer infected by cerber2 virus on 2016 but still there is no decrypt tool found.

  25. please help me

    MACs: 10:78:D2:CC:56:11, 10:78:D2:D1:DA:D6, 00:1A:7D:DA:71:13
    —————————————-
    STOPDecrypter v2.1.0.20
    OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
    —————————————-

    No key for ID: If61t1CEpy1gSe604elJrXkTQGGWwneWulro4t1b (.ndarod )
    Unidentified ID: If61t1CEpy1gSe604elJrXkTQGGWwneWulro4t1b (.ndarod )
    MACs: 10:78:D2:CC:56:11, 10:78:D2:D1:DA:D6, 00:1A:7D:DA:71:13
    Decrypted 107 files, skipped 2037

Leave a Comment

Your email address will not be published. Required fields are marked *