Ransomware Decryption Guide

Within this guide, we will attempt to help those of our readers who have had the misfortune of having their PC infected and their files locked by a Ransomware virus. The instructions below will guide you through several methods that can potentially enable you to decrypt any files that have been locked by a Ransomware virus.

However, you must bear in mind that there is a huge number of Ransomware viruses out there – this current guide might help you unlock files that have been encrypted by some of them while failing to recover data that has been taken hostage by others. We cannot guarantee you that even if you go through with the guide, your computer files would certainly get unlocked. That said, it is still strongly recommended that you try out the instructions on this page and only if the do not work for you, consider taking another course of action.

Identifying the Ransomware

Before you go any further with your files’ decryption, you must first make sure that you actually know what the exact Ransomware that has encrypted your data is. There are couple of ways to identify the virus.

Inspect the ransom note

The first and easiest way to find out the name of the Ransomware is to simply read the ransom-demanding note that it has most likely left on your PC. Depending on which Ransomware you might be dealing with, the note might get displayed as a banner on your screen or the virus might generate a notepad file on your desktop or in some other directory. Regardless of the how the ransom note is presented to you, within it, there should be information about the virus and maybe its name will also be written in it. Therefore, check the note and see if you can learn the malware’s name that way.

Use ID Ransomware

If you are struggling to learn the name of the Ransomware that has infected your PC, you can use a free online tool called ID Ransomware. Visit this page to access the tool. Once you go to ID Ransomware, you will have to upload the ransom note file that the virus has left behind as well as a sample of an encrypted file. If there is no ransom note, there’s a field where you can add other information about the virus such as e-mail or IP addresses that the Ransomware has provided you with. Once you’ve uploaded and filled in all the required info, the online tool will identify the virus if it is present within its library.

Warning! – Before you go any further, you must have made sure that the actual malware virus has been removed from your system so that it won’t be able to re-encrypt any files that you might get unlocked, if the virus hasn’t been removed yet, any files that you might decrypt could get locked once again by it. Also, we strongly advise you to make back-up copies of your files and upload then to a separate device (preferably, not another PC or a smartphone but a flash drive for example). Some Ransomware viruses threaten to delete the locked-up data if you attempt to decrypt it without paying which is why it is important to have it backed-up.

Shadow Clone Restore

The first method that we advise you to try against a Ransomware encryption is restoring your data through shadow copies. When the virus encrypts your data, it first deletes the original files and replaces them with identical copies that are encrypted. However, the deleted originals might still be recovered if you are lucky. The tool we will show you here may potentially be able to do that.

  1. Go to this link to download Data Recovery Pro – a free shadow copy restoration tool.
  2. Install the program and run it.
  3. Choose a scan option. We advise you to do a full scan for best results and also have the scan done for all files.
  4. Once the scanning is finished (Full scan can take a while, be patient), look through the list of files and choose the ones that you want to recover.

Using decryptor tools

There are many decryptors for Ransowmare out there. Here, we will try to keep you updated regarding any such tools that we learn about. However, note that most newer forms of Ransomware do not yet have a decryptor developed for them. That said, if you are lucky, the following list of decryption programs might include a tool that will be able to unlock your files. We will provide download links for the tools that we post here so that you can directly download the one that you might need and put into use.

Trend Micro Decryptor Tool (Free)

This software tool developed by Trend Micro can decipher the encryptions of a number of Ransomware viruses. Also, every now and then it receives updates with new Ransomware viruses that it can decrypt. You can download the Trend Micro Decryptor tool from here.

Here is also a list of the viruses that this decryptor can currently deal handle

  • CryptXXX V1, V2, V3
  • CryptXXX V4, V5
  • TeslaCrypt V1
  • TeslaCrypt V2
  • TeslaCrypt V3
  • TeslaCrypt V4
  • SNSLocker
  • AutoLocky
  • BadBlock
  • 777
  • Stampado
  • Nemucod
  • Chimera
  • MirCop
  • Jigsaw
  • Globe/Purge
  • DXXD
  • Teamxrat/Xpan
  • Crysis
  • TeleCrypt

Emisoft Decryptors (Free)

Another security company that offers a significant number of decryption options is Emisoft. They have created separate decryptor tools for a big number of Ransomware viruses and are also developing new ones. You can visit their site and download the decryptor that you need from this link.

Here are some of the Ransomware versions that Emisoft has covered and created decryptors for:

  • NumecodAES
  • Amnesia
  • Amnesia2
  • Cry128
  • Cry9
  • Damage
  • CryptON
  • MrCr
  • Malboro
  • Globe3
  • OpenToYou

and others…

Decryptor for Petya (Free)

The Petya Ransomware works differently from most other similar viruses. It directly blocks the access to your PC making you unable to boot into Windows until you make the demanded payment. Here, unlocking your PC is trickier than simply decrypting a couple of files.

First, you’d need to unplug your PC’s HDD and plug it in inside another PC. The other machine should have a reliable antivirus on it just in case. Next, download this Petya Sector Extractor (developed by Wosar) and run it – it will extract the necessary data which you will need to fill in on this page. After submitting the required data, you will receive a code that you must write down on paper or on another device. Put the Hard-Disk back into your PC and once the Petya screen appears, fill in the code that you received.

.locked decryptor (Rakhni Ransomware) (Free)

In order to decrypt files locked by Rakhni (ads the .locked extension to your files after encryption), use this link to download the decryptor and to unlock your data.

Note to readers

So far, those are the relevant Ransoware decryptors and decryptor developers that we have been able to find. We will make sure to keep this article updated with any new entries that we come across. Unfortunately, there are still many nasty Ransomware viruses out there that still don’t have a decryptor or some other method that would allow victims to deal with them. Security experts are trying really hard to come up with solutions for newer versions of this noxious malware type but hackers still seem to be a couple of steps ahead. Therefore, always remember that it is simply better to stay safe and not fall prey to such malicious viruses rather than having to deal with what they’ve done with your files or PC.

 Last but not least, if you have a suggestion for a decryptor that we missed or are seeking information about a Ransomware virus that wasn’t mentioned here, be sure to hit us up in the comment section and we will make sure to answer your request the best way we can.


Boris is a writer and an editor of the articles on Malware Complaints. His mission is to provide the readers of our website with essential information and details with regards to various malicious programs, software viruses, potentially unwanted applications and any other form of malware that you, the users, might encounter. In addition, he also posts reviews of different programs and applications as well as news articles on various interesting and important topics related to the software world.

Leave a Reply

Your email address will not be published. Required fields are marked *