14 Ransomware Tools to Detect and Decrypt Locked-up Data

ransomware locked up critical business information

Ransomware is a known cyber risk that is part and parcel of doing business online. Ransomware is malicious software that locks a user out of their device leaving the victim unable to access information on the locked device. 

Ransomware is a such a growing concern affecting all industries due to the attackers becoming more aggressive cold calling victims and seeking huge ransom demands to be paid before critical business data can be unlocked, else it gets released publicly online. Many small businesses cannot survive a ransomware attack with 60 percent going completely bankrupt.

A number of big businesses have suffered a ransomware attack where they decided to pay the ransom demands, but you do not have to panic or be bullied into paying the ransom by the attackers. 

Here are resources to help you identify which ransomware has locked-up your information, as well as locating a tool that can remove the ransomware (decryptor), so you can access your information and device again. 

How to tell which ransomware you are infected with and whether it can be decrypted:

To begin the process of removing ransomware locking up your information, you need to tell what kind of malware it is, and thereafter look for a solution or decryptor that might be available. If the decryptor is available, that means the ransomware can be cleaned off your information and device.

Here are two ransomware tools to detect and recognize the ransomware you have:

• ID Ransomware offers a ransomware identification service that detects and informs the victim of the kind of ransomware that has locked their information, and whether a known decryptor is available. The service is updated to detect 1,066 different kinds of ransomware. 


• Bitdefender has a ransomware recognition tool that a victim can download and run to identify the kind of ransomware that has locked up your information. 

ransomware families with decryptor available

Next are the resources you can use to find ransomware decryptors and removal tools. Please read and follow the instructions in the the howto guides for the particular ransomware tool(s) you choose.

Ransomware decryptor and removal resources:

1. No more Ransom project has several ransomware decryption tools that include: 777, AES_NI, Agent.iih,Alcatraz, Alpha, Amnesia, Amnesia2, Annabelle, Aura, Aurora, AutoIt, AutoLocky, Avest, BTCWare, BadBlock, BarRax, Bart, BigBobRoss, Bitcryptor, CERBER V1, CheckMail7,Chernolocker, Chimera, Coinvault ,Cry128, Cry9, CryCryptor, CrySIS, Cryakl, Crybola, Crypt888, CryptON, CryptXXX V1, CryptXXX V2, CryptXXX V3, CryptXXX V4, CryptXXX V5, CryptoMix, Cryptokluchen, DXXD, Damage, Democry, Derialock, Dharma, DragonCyber ElvisPresley, EncrypTile, Everbe 1.0, FenixLocker, FilesLocker v1 and v2, FortuneCrypt, Fury, GalactiCryper, GandCrab (V1, V4 and V5 up to V5.2 versions), GetCrypt,Globe, Globe/Purge, Globe2, Globe3, GlobeImposter, GoGoogle, Gomasom, HKCrypt, Hakbit, HiddenTear, HildaCrypt, Iams00rry, InsaneCrypt, Iwanttits, JSWorm 2.0, JSWorm 4.0, Jaff, JavaLocker, Jigsaw, Kokokrypt, LECHIFFRE, LambdaLocker, Lamer, Linux.Encoder.1, Linux.Encoder.3, Loocipher, Lortok, MacRansom, Magniber, Mapo, Marlboro, Marsjoke aka Polyglot, MegaLocker, Merry X-Mas, MirCop, Mira, Mole, Muhstik, Nemty, Nemucod, NemucodAES, Nmoreira, Noobcrypt, Ouroboros, Ozozalocker, PHP ransomware, Paradise, Pewcrypt, Philadelphia, Planetary, Pletor, Popcorn, Professeur, Puma, Pylocky, Rakhni, Rannoh, Ransomwared, RedRum, Rotor,SNSLocker, Shade, SimpleLocker, Simplocker, SpartCrypt, Stampado, Syrk, Teamxrat/Xpan, TeslaCrypt V1, TeslaCrypt V2, TeslaCrypt V3, TeslaCrypt V4, Thanatos, Trustezeb, TurkStatic, VCRYPTOR, WannaCryFake, Wildfire, XData, XORBAT, XORIST, Yatron, ZQ, ZeroFucks, Zorab, djvu 


2. Heimdal security has a resource with 216 ransomware decryption tools that include:.777, 7even-HONE$T, .8lock8, 7ev3n, AES_NI Rakhni, Agent.iih, Alcatraz, Alma, Al-Namrood, Alpha, AlphaLocker, Amnesia, Amnesia, Anabelle, Apocalypse, ApocalypseVM, AtomSilo, Aura, Aurora, AutoIt, Autolocky, Avaddon, Avest, Babuk, Badblock, BarRax, BigBobRoss, BitCryptor, Bitman, BitStak, BTCWare, Cerber V1, Chimera, CheckMail7, ChernoLocker, CoinVault, Cry128, Cry9, Cryakl, Crybola, CrypBoss, CryCryptor, Crypren, Crypt32, Crypt38, Crypt888, CryptInfinite, CryptoDefense, CryptFile2,CryptoHost, Cryptokluchen, Cryptolocker, CryptoMix, CryptON, CryptoTorLocker, CryptXXX, CrySIS, CTB-LockerWeb, CuteRansomware, Cyborg, Damage, Darkside, DemoTool, DeCrypt, Democry, Derialock, Dharma, Diavol, DMA Locker, DragonCyber, DXXD, Egregor, Encryptile, ElvisPresley, Everbe, Fabiansomware, FenixLocker, FilesLocker (V1 and V2), FortuneCrypt, Fonix, Fury, GalactiCryper,GandCrab (V1, V4, V5), gandcrab 5.2, Gerosan, GetCrypt, GhostCrypt, Globe / Purge, Globe2, Globe3, GlobeImpostor, Gomasom, GoGoogle Hacked, Hakbit, Harasom, HydraCrypt, HiddenTear, HildraCrypt, HKCrypt, Iams00rry, InsaneCrypt, Iwanttits, Jaff, JavaLocker, Jigsaw, JS WORM 2.0, JS WORM 4.0, Judge, KeRanger, KeyBTC, KimcilWare, KokoKrypt, Lamer, LambdaLocker, LeChiffre, Legion, Linux.Encoder, Linux.Encoder.3, Lobzik, LockFile,Lock Screen, Locker, Loocipher, Lorenz,Lortok, MacRansom, Magniber, MaMoCrypt, Mapo, Marlboro, MarsJoke, Manamecrypt, MegaLocker, Merry Christmas / MRCR, Mira, Mircop,Mole,MoneroPay, muhstik, my-Little, Nanolocker, Nemty, Nemucod, NemucodAES, NMoreira, Noobcrypt, ODCODC, OpenToYou, Operation Global III, Ouroboros, Ozozalocker, Paradise,PClock ,Petya, PewCrypt, Philadelphia, PizzaCrypts, Planetary, Pletor, Polyglot, Pompous, PowerWare / PoshCoder, Popcorn, Professeur, Puma, PyLocky, Radamant, RAGNAROK, Rakhni, Rannoh, Ransomwared, Rector, RedRum, REvil/Sodinokibi, Rotor, Scraper, Sekhmet, SimpleLocker, Simplocker, Shade / Troldesh, SNSLocker, SpartCrypt, Stampado,STOP Djvu, SynAck, Syrk, SZFlocker, Teamxrat / Xpan, TeleCrypt, TeslaCrypt, TeslaCrypt V2, TeslaCrypt V3, TeslaCrypt V4, Thanatos, ThunderX, Trustezeb.A, TurkStatic, TorrentLocker, Umbrecrypt, VCRYPTOR, WannaCry, WannaCryFake, WannaRen, Wildfire, XData, XORBAT, XORIST, Yatron, ZeroFcks, Zeta, Ziggy, Zorab, ZQ,


3. MDS has 167 ransomware decryption tools that unlock files encrypted with: 777, AES_NI, Agent.iih, Alcatraz, Amnesia, Amnesia2, Aura, AutoIt, AutoLocky, BTCWare, BadBlock, BadBlock, BarRax, Bart, Bitcryptor, CERBER V1,Chimera, Coinvault, Cry128, Cry9, CrySIS, Cryakl,Crybola, Crypt888, CryptON, CryptXXX V1, CryptXXX V2, CryptXXX V3, CryptXXX V4, CryptXXX V5, CryptoMix, Cryptokluchen, DXXD, Damage, Demsocry, Derialock, Dharma, EncrypTile, FenixLocker, Fury,Globe, Globe/Purge,Globe2, Globe3, GlobeImposter, Gomasom, HiddenTear, Jaff, Jigsaw, LECHIFFRE, LambdaLocker, Lamer, Linux.Encoder.1, Linux.Encoder.3, Lortok, MRCR, MacRansom, Marlboro, Marsjoke aka Polyglot, Merry X-Mas, MirCop, Mole, Nemucod, Nmoreira, Noobcrypt, Ozozalocker, PHP ransomware, Philadelphia, Pletor, Popcorn, Rakhni, Rannoh, Rotor, SNSLocker, Shade,  Stampado, Teamxrat/Xpan, TeslaCrypt V1, TeslaCrypt V2, TeslaCrypt V3, TeslaCrypt V4, Wildfire, XData, XORBAT, and XORIST


4. Bleeping computer has a several pages where a ransomware victim can download ransomware decryptors to unlock encrypted information, including a helpful support forum where you can post and ask for decryptor to a particular ransomware affecting your information.

Antivirus companies with ransomware protection and decryptors:


5. Bitdefender. Under "Free Tools", Bitdefender antivirus offers 14 ransomware decryptors that include: REvil/Sodinokibi, Avaddon, Fonix, Darkside, MaMoCrypt, WannaRen, GoGoogle, Shade / Troldesh, Paradise, Ouroboros, GandCrab (V5.1), LookCrypt, Annabelle and Rootkit remover.


6. Kaspersky, offers various ransomware decryptors and removal tools for: shade, rakhni, rannoh, coinvault, wildfire, and xorist.


7. Trendmicro. A ransomware victim can download and use the Trend Micro Ransomware File Decryptor that unlocks information encrypted by 23 different ransomware families that include: 
8. CryptXXX (V1, V2, v3, v4, v5), TeslaCrypt (V1, V2, v3, v4), SNSLocker, AutoLocky, BadBlock, 777, XORIST, XORBAT, CERBER V1, Stampado, Nemucod, Chimera, LECHIFFRE, MirCop, Jigsaw, Globe/Purge, DXXD, Teamxrat/Xpan, Crysis, TeleCrypt, DemoTool, WannaCry (WCRY), and Petya.


9. McAfee Ransomware Recover offers two ransomware decryption tools that you avictinm can download to unlock files, applications, databases and any other objects the ransomware has encrypted.


10. Emsisoft offers free ransomware decryption tools that include: 777, Al-Namrood, Amnesia, Amnesia2 decryptor, Apocalypse decryptor, ApocalypseVM, Aurora decryptor, AutoLocky decryptor, Avaddon decryptor, Avest decryptor, BadBlock decryptor, BigBobRoss decryptor (file extension ".obfuscated", ".encryptedALL", or ".cheetah"), CheckMail7 (extension ".checkmail7@protonmail.com"), ChernoLocker (file extension .CHERNOLOCKER), Cry128 decryptor, Cry9 decryptor, CrypBoss decryptor, Crypt32, CryptInfinite, CryptoDefense, CryptON decryptor, CryptoPokemon, Cyborg, Damage, DeadBolt, Diavol, DMALocker, DMALocker2, Fabiansomware, FenixLocker, GalactiCrypter, GetCrypt, Globe, Globe2, Globe3, GlobeImposter, Gomasom, Hakbit, Harasom, HildaCrypt, HKCrypt, HydraCrypt, Ims00rry, JavaLocker, Jigsaw, JSWorm 2.0, JSWorm 4.0, KeyBTC, KokoKrypt, LeChiffre, LooCipher, Marlboro, Maze / Sekhmet / Egregor, MegaLocker, MRCR, Muhstik, Nemucod,NemucodAES, NMoreira, NoWay, OpenToYou, OzozaLocker, Paradise, PClock, PewCrypt, Philadelphia, Planetary, Radamant, Ragnarok, Ransomwared, RedRum, SpartCrypt, Stampado, STOP Djvu, STOP Puma, SynAck, Syrk, TurkStatik, WannaCryFake, Xorist, Ziggy, Zorab, and ZQ.


11. AVG free ransomware decryptions tools include: Apocalypse, BadBlock, Bart, Crypt888, Legion, SZFLocker, and TeslaCrypt.


12. Dr.Web antivirus, offers a ransomware decryptor to decrypt files locked-up by a Trojan.Encoder (Cryptolocker, Cryptowall, Reveton, ExPetya), which a victim can request via the support page.

In conclusion, when facing a ransomware incident, do not panic but rather spend efforts in finding out precisely the kind of ransomware locking up your information and whether a solution/decryptor is available from all the resources shared above. Do not neglect basic cyber hygiene practices like taking backups of your information and regularly testing that they work, and limiting access to your critical business information to only those individuals with a need to know.  

Leave us a comment and share with your network.

Read more: 

• 5 Critical Cyber Risks a Small Business Owner Must Remedy in 2022

• Become a Cyber Defender: 6 Free Cybersecurity Courses in 2022

• Linkedin is Top Phishing Trap ahead of Whatsapp and Telegram

• How I Passed CCSK on First Try and Tips for You to do it

• CISSP Masters Degree: Where to start with CISSP Certification

• CISM is Worth it: how i passed CISM online proctored exam

• Africa awash with Scams promising High Returns at Zero Risk

• High Interest in Cybersecurity at eLearning Africa Virtual Meet

• Sextortion Emails: I got your Password Watching Adult videos

• Tips on How I Passed CCSP in First Try and You can do same

• 5 Cybersecurity Resources With sample templates