This article is about specific Decrypt files encrypted by Cryptolocker Ransomware. For other similar software, some using the CryptoLocker name.
The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running Microsoft Windows,and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet.When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers.
How to decrypt files encrypted by Cryptolocker Ransomware?
Follow the below mentioned steps one by one and check if the issue gets fix after each step. If the issue remains, you can proceed with the further steps.
Warning : Before making any changes in your computer, I suggest you to create a System Restore point so that you can restore back your computer to previous working stat if something goes wrong.
Method 1: Restore Cryptowall encrypted files using “Previous versions” feature.
- Navigate to the folder or the file that you want to restore in a previous state and right-click on it.
- From the drop-down menu select “Restore Previous Versions”.
- Then choose a particular version of folder or file and then press the:
- Open button to view the contents of that folder/file.
- Copy to copy this folder/file to another location on your computer (e.g. your external hard drive).
- Restore to restore the folder file to the same location and replace the existing one.
Method 2: Restore Cryptowall encrypted files using “Shadow Explorer” utility.
Shadow Explorer, is a free replacement for the Previous Versions feature of Microsoft Windows Vista, 7, & 8 OS to restore lost or damaged files from Shadow Copies.
- Download Shadow Explorer utility from the below link : http://www.shadowexplorer.com/downloads.html+
- Run Shadow Explorer utility and then select the date to restore the shadow copy of folder/files.
- Navigate to the folder/file that needs to be restored to its previous version, right-click on it and select “Export”.
- Specify where the shadow copy the folder/file will be exported / saved and press “OK”.
- Repeat the same steps to restore the other encrypted files in other folders.
Method 3: Ransomware Decryption Tools
First of all, identify the Ransomware which has infected your computer. For this, you may use a free online service called ID Ransomware
You may go through the entire list or press Ctrl+F and search for a specific ransomware name.
Before you use these tools, use any good antivirus software or ransomware removal tool to remove the ransomware. Only then should you use these ransomware file decryptor tools. However, if you have moved your encrypted files to another isolated secure system, you directly use these tools.
1) Emsisoft has released its Decrypter for AutoLocky. AutoLocky is a new ransomware that tries to imitate the sophisticated Locky ransomware but is nowhere near as complex, which makes decryption feasible. Victims of AutoLocky will find their files encrypted and renamed to *.locky. It is available here.
2) Decrypter for HydraCrypt and UmbreCrypt Ransomware: HydraCrypt and UmbreCrypt are the two new Ransomware variants from the CrypBoss Ransomware family. Once successful in breaching your PC security, HydraCrypt and UmbreCrypt can lock your computer and deny access to your own files.
3) CryptoLocker Decryption Tool : This free Decryptlocker or CryptoLocker Decryption online tool from FireEye and Fox-IT to decrypt the Cryptolocker encrypted files. UPDATE: The site appears to have been taken down.
4) Petya ransomware decrypt tool & password generator: PETYA ransomware is one of the most recent online threats for PC users. It is a malware which overwrites the MBR (Master Boot Record) of your PC and leaves it unbootable and also disallows restarting the PC in Safe Mode.
5) Operation Global III Ransomware Decryption Tool: This ransomware attacks your system and then displays a leaving the user with no choice but to pay the ransom amount. All your encrypted file extensions are changed to .EXE and are infected with the malicious codes.
6) Emsisoft has released several decryptor tools for ransomware. This list currently includes ransomware decryption tools for:
Nemucod, DMALocker2, HydraCrypt, DMALocker, CrypBoss, Gomasom, LeChiffre, KeyBTC, Radamant, CryptInfinite, PClock, CryptoDefense, Harasom, Xorist, 777, BadBlock, DApocalypse, ApocalypseVM, Stampado, Fabiansomware, Philadelphia, FenixLocker, Al-Namrood, Globe, OzozaLocker, Globe2, NMoreira or XRatTeam or XPan, OpenToYou or OpenToDecrypt, GlobeImposter, MRCR, Globe3, Marlboro, OpenToYou, CryptON, Damage, Cry9, Cry128, Amnesia, Amnesia2, NemucodAES.
You can get them all for free at their official website along with detailed usage guides.
7) Cisco also offers a free Decryption Tool for TeslaCrypt Ransomware Victims. This TeslaCrypt Decryption Tool is an open source command line utility for decrypting TeslaCrypt ransomware encrypted files so users’ files can be returned to their original state. Read more on it here.
8) TeslaCrack is available on GitHub. It will help you decrypt files that were encrypted with the latest version of the TeslaCrypt ransomware.
9) Ransomware Removal & Response Kit is not a tool, but a compilation of guides and various resources relating to dealing with ransomware, that can prove to be of help. It is a 500 MB download. Read more about it here.
10) Unlock files locked by Decrypt Protect ransomware using this tool from Emsisoft.
11) Trend Micro AntiRansomware Tool will help you take back ownership of your computer by removing the ransomware on infected computers. To use this tool, enter Safe Mode with Networking. Download the Anti-Ransomware software and save it to your desktop. Next double-click on it to install it. Once it has been installed, restart your computer and go to the normal mode where the screen is locked by the ransomware. Now trigger the Anti-Ransomware software by pressing the following keys: Left CTRL+ALT+T+I. Run the Scan, Clean and then Reboot your computer. This tool is useful in cases of ICE Ransomware infections.
12) HitmanPro.Kickstart is a free Ransomware Removal Tool that will help you rescue a ransomed PC. It lets you start your computer from a USB flash drive to remove malware that has ransomed or locked your computer and does not allow you to access it.
13) Shade Ransomware Decryption Tool will help decrypt files with the following extensions: .xtbl, .ytbl, .breaking_bad, .heisenberg. Go get it from McAfee Intel.
15) Kaspersky WindowsUnlocker can be useful if the Ransomware totally blocks access to your computer or even restrict access to select important functions, as it can clean up a ransomware infected Registry.
16) RannohDecryptor from Kaspersky will help decrypt files encrypted by the Rannoh, AutoIt, Fury, Crybola, Cryakl, CryptXXX, CryptXXX v.2, CryptXXX v.3, MarsJoke, Polyglot, Dharma ransomware. Download it from here.
17) Kaspersky have also released several other decryptor tools like Rector Decryptor, Rakhni Decryptor, Wildfire Decryptor, Scraper Decryptor, Shade Decryptor, Scatter Decryptor, Xoris Decryptor, etc – go get them here. They will decrypt files encrypted by Rakhni, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Lortok, Cryptokluchen, Democry, Bitman, TeslaCrypt and other ransomware.
18) Check Point has released a Cerber Ransomware Decryption Tool. It is an online tool where you have to upload a file. UPDATE: This Cerber Ransomware Decryption Tool has been rendered ineffective. Merry X-Mas Decryptor from CheckPoint can decrypt files encrypted by the Merry X-Mas ransomware. BarRax decryptor tool is designed to decrypt files encrypted by BarRax. Available at CheckPoint.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm“, traveled automatically between computers without user interaction. Here you are advised to have anti-virus or Anti-Ransomware software in your computer as a precaution. If you have any more free ransomware decryptor tools to add, please do so in the comments section, linking to their official home or download page.
I hope that the above troubleshooting steps helps you to fix the issue with Decrypt files encrypted by Cryptolocker Ransomware. If you need any further assistance, do comments below. You can also ask more on our Forum.