Ransomware File Decryptor Tool – Download and Usage

Ransomware File Decryptor is a tool developed by Trend Micro to recover files infected by specific types of ransomware. Please note that this tool may not work for all versions of ransomware. Some attackers are updating their ransom programs after learning that there are free tools available to recover encrypted files. Please see the list of ransomware with corresponding versions and filenames that this tool can handle.

  • 777 – (file name).777 | Example: myfile.doc will be myfile.doc.777
  • AutoLocky  – (file name).locky | Expample: myfile.jpg will be myfile.jpg.locky
  • BadBlock (file name)
  • CERBER V1 – (10 random characters).cerber | Example: myfile.jpg will be Thd8Yhns7R.cerber
  • Chimera – (file name).crypt | Example: myfile.doc will be myfile.doc.crypt
  • CryptXXX V1, V2, V3 – (file name}.crypt, .cryp1, .crypz, or 5 random characters | Example: myfile.jpg will be myfile.jpg.crypt or myfile.jpg.G5Th4s
  • CryptXXX V4, V5 – (MD5 Hash).5 random characters
  • Nemucod – (file name).crypted | Exmaple: myfile.doc will be myfile.doc.crypted
  • Stampado – (file name).locked | Example: myfile.jpg will be myfile.jpg.locked
  • SNSLocker – (file name).RSNSLocked | Example: myfile.doc will be myfile.doc.RSNSLocked
  • TeslaCrypt V1 – (file name).ECC | Example: myfile.jpg will be myfile.jpg.ECC
  • TeslaCrypt V2 – (file name).VVV, .CCC, .ZZZ, .AAA, .ABC, .XYZ | Example: myfile.doc will be myfile.doc.VVV or myfile.doc.XYZ
  • TeslaCrypt V3 – (file name).XXX, .TTT, .MP3, or .MICRO | Example:  myfile.jpg will be myfile.jpg.XXX
  • TeslaCrypt V4 – No changes on file name and extension
  • XORIST – (file name).xorist or random extension | Example: myfile.doc will be myfile.doc.xorist
  • XORBAT – (file name}.crypted | Example: myfile.jpg will be myfile.jpg.crypted

How to Download and Use Ransomware File Decryptor Tool

Disclaimer: By downloading and using this tool, you are considered to have read the publisher’s disclaimer and agreed to the terms and conditions as declared on the official web site.

1. Click on the link below to download Ransomware File Decryptor from the Trend Micro web site.
RansomwareFileDecryptor Official Site (this will open in a new window)

2. Save the file to your hard drive, desktop, or any location on your hard drive.

3. Once the download is complete, decompress the file and double-click to run.

4. If it prompts for an End User License Agreement (EULA), please Accept to proceed.

5. The tool will launch the main user interface. Click on the Select button.

RansomwareFileDecryptor

6. Under “Select Ransomware Name“, please choose Ransomware type. Then, press OK to save your choice. If you are unsure of which ransomware hits your computer, please look at the file names of infected files and refer to the list above. You may also refer to a text file, an HTML file, or documented ransom notes placed by the malware on various locations of the computer. This tool may also help you identify the type of ransomware by clicking on the “I don’t know the ransomware name” link.

Cerber Decryptor

7. On the main interface, click on the Select & Decrypt button. See the image below for reference.

Decrypt Cerber

8. Select a file or Folder that was encrypted by ransomware. This tool can either decrypt a single file or all files inside the folder and its sub-folders.

Scan Cerber

9. This ransomware file decryptor tool will start scanning the computer and immediately decrypt files. Recovery time may vary depending on the quantity of affected files and folders.

The decrypted file will retain the previously encrypted file name. For files that were not changed by ransomware, the new decrypted file name will be (filename)decrypted.extension.

Originally published on August 18, 2016 at 10:37

About the author

Discussion

Subscribe
Notify of
guest
38 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Scroll to Top