Our Knowledge

7 of the best Windows ransomware decryption tools

In recent years, ransomware has emerged as the most pervasive and insidious cyber-weapon wielded by hackers, and more and more computer users are finding themselves under attack. Having infiltrated your system, the ransomware then encrypts all your data and only allows you access back to it for a ransom. The ransom is often only a few hundred pounds, but can be much, much more.

In short, ransomware is most lucrative for its architects and most destructive for its victims. Mercifully, a counter-strike is underway and many developers and tech firms are creating free decryption tools which decrypt the files and/or data encrypted by ransomware. If you find yourself affected by this most pernicious of innovations, here we suggest some free ransomware decryption tools that can help you get your data back.


A Few Things to Know

  1. Before you do anything, ensure you’ve removed the virus from your system with a capable and up-to-date anti-virus or anti-malware software. Skip this step and the ransomware can re-encrypt all your files just as soon as you decrypt them.


  1. As yet, there is no universal decryption tool that nullifies all ransomware. So, before using a ransomware decryption tool, first you need to identify what type of ransomware you’re dealing with. Once identified, you can select the decryption tool specifically designed to deal with that ransomware. Usually, ransomware reveals itself through a warning message or it can be identified by looking at the extension of an encrypted file.


  1. Ransomware decryption tools contain instructions on proper usage. Put your ego to one side and readthe instructions.


1. Rakhni Decryptor

Designed by Kaspersky Lab, Rakhni Decryptor is used to decrypt files encrypted by some of the more infamous ransomware. Amongst the ransomware it can be sent into battle against is Rakhni, Agent.iih, Aura, Crysis (version 2 and 3), Autoit, Rotor, Pletor, Lamer, Lortok, Cryptokluchen, Chimera, Democry, and TeslaCrypt (version 3 and 4). Rakhni Decryptor is also updated to decrypt files encrypted by Dharma ransomware.


2. WanaKiwi

The WannaCry ransomware which successfully spread to more than 100 countries in 2016 and affected even hospitals, is still fresh in the mind of most. WanaKiwi is based on Wanadecrypt and provides a straightforward way to decrypt or recover files encrypted by WannaCry. The decryptor supports Windows XP, Windows Vista, Windows 7, and Windows Server 2003 and 2008.

However, there is a caveat attached. WanaKiwi can only recover files if the system has notbeen rebooted after contamination. If you’ve already done a reboot, or if the Wannacry process has been eradicated, WanaKiwi cannot recover your files.


3. Rannoh Decryptor

Another Kaspersky Lab creation, Rannoh Decryptor works like Rakhni Decryptor. It decrypts files encrypted by Rannoh, CryptXXX (versions 1, 2 and 3), Fury, Cryakl, AutoIt, Polyglot aka Marsjoke, and Crybola.


4. Emsisoft Ransomware Decryption Tools

Emsisoft released a suite of free ransomware decryption tools to quickly decrypt files encrypted by some of the more prominent ransomware currently at large. Amongst the Emsisoft inventory are BadBlock, Apocalyse, Xorist, ApocalypseVM, Stampado, Fabiansomware, Philadelphia, Al-Namrood, FenixLocker, Globe (version 1, 2, and 3), OzozaLocker, GlobeImposter, NMoreira, CryptON, Cry128, and Amnesia (version 1 and 2).

Users need first identify the ransomware they were infected with and download the applicable decryptor.


5. AVG Ransomware Decryption Tools

AVG also released multiple decryption tools for ransomware like Apocalypse BadBlock, Bart, Crypt888, Legion, SZFLocker, and TeslaCrypt. The good thing is the AVG download page tells you how to identify the said ransomware and helps you download the appropriate decryption tool.


6. Avast Ransomware Decryption Tools

Just like Emsisoft, Avast released several ransomware decryption tools. Using the provided tools you can decrypt data encrypted by AES_NI, BTCWare, CrySiS, HiddenTear, NoobCrypt, SZFLocker, XData, Alcatraz Locker, FindZip, etc. Just head over to the download page, identify the ransomware using the instructions and download the decryption tool.


 7. NoMoreRansom

As ransomware began to position itself as the most significant contemporary cyber-threat, a joint campaign called NoMoreRansom was instigated by Intel Security, Europol, Dutch National Police, and Kaspersky Lab.


The alliance educates users and supplies free decryption tools to recover encrypted data. In the event you are unable to identify which ransomware attacked your system, you can upload two sample files from your computer and the website will identify the ransomware and provide you with the necessary decryption tool, if available.

Read more from Our Knowledge...

Looking for insights from your industry? Curious to hear the views and thoughts of a diverse and interesting network?

Join the Friday Flash!

A weekly dose of something a little different.