Download Ransomware Decryption Tools

This compilation of downloadable ransomware decryption tool aims to help victims to easily obtain necessary free file recovery software for their encrypted files. However, please note that not all files encrypted by ransom virus have corresponding decryption software. Malware researchers are doing their best to reverse engineer the each ransomware and their complex encryption method to come up with free solution. However, there are some types that are not really recoverable due to highly complicated algorithm applied when encrypting files.

We will update the list as soon as we gather information about recent ransomware and its matching decryption tool.

Identifying Ransomware

Before using any of the tools provided on this page, it is important that you are certain on the type of ransomware that infected the computer. As shown below, we include the unique extension that are identified with each ransom virus.

If you are uncertain on the actual identification of ransomware that’s troubling your computer, please use the “ID Ransomware” service provided by Demonslay335 and MalwareHunterTeam.

Decryption Tools for Ransomware Infected Files

These decryption tools are provided as-is from individual malware researchers and computer security software vendors and listed in alphabetical order.

Aurora/Zorro

Aurora ransomware is also known as Zorro. It uses XTEA and RSA encryption method and appends the infected file with extensions such as .aurora, .zorro, .animus, .desu, .ONI, .Nano, and .cryptoid.

BigBibRoss

Ransomware that goes by the name GeBigBosRoss was developed using C++. To encrypt victim’s files, it uses AES-128 ECB and appended it with extensions such as .cheetah, .encryptedALL, or .obfuscated.

GandCrab

This is probably one of the most rampant ransomware in 2018. It can append extensions to infected files as .GDCB, .CRAB, .KRAB, or five random characters like cngbo.

GetCrypt

GetCrypt encrypted files were locked using highly complex algorithm of Salsa20 and RSA-4096. The virus appends the encrypted files with unique 4-character extension like photo.jpg.EBAH.

JSWorm 2.0

This ransomware was developed using C++ programming language and utilizes Blowfish technology to encrypt files. Infected files will have an extension document.doc.[ID-331889326][email address].JSWORM.

Marlboro

This ransom virus is written in C++ and manage to encrypt files with simple method using XOR algorithm. Infected files can be identified with .oops suffix added to the extension.

MegaLocker

By using a sophisticated AES-128 ECB encryption algorithm, Megalocker renders victim’s files useless. This ransomware adds the .NamPoHyu extension to infected files. Therefore, it will be like resume.doc.NamPoHyu after encryption.

STOP/DJVU

This is probably a ransomware with so many versions. It typically spreads via cracked software that can be downloaded from Torrent websites. Recently, it was observed that STOP/DJVU is relying on malicious advertising campaign as additional distribution method. Encrypted files are appended with the following extensions.

.STOP, .SUSPENDED, .WAITING, .PAUSA, .CONTACTUS, .DATASTOP, .STOPDATA, .KEYPASS, .WHY, .SAVEfiles, .DATAWAIT, .INFOWAIT, .puma, .pumax, .pumas, .shadow, .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promock, .promoks, .promorad, .promok, .promorad2, .kroput, .kroput1, .charck, .pulsar1, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .verasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .forasom, .berost, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidon, .heroset, .myskle, .boston, .muslat, .gerosan, ,vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .godes, .budak, .vusad, .herad, .berosuce, .gehad or .madek, tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .darod, .access, .format, .nelasod, .mogranos, .lotej, .prandel, .zatrov, .masok, .cosakos, .nvetud, .kovasoh, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .vesrato, .masodas, .nuksus, .cetori, .stare, .carote

Note: This decryption tool may only have successful file recovery if Offline Key is assigned during the encryption process.

– Decrypter_2

This is an alternative to STOPDecrypter and is capable fo decrypting selected recent versions of STOP/DJVU including the following:

.gero, .hese, .meds, .moka, .peta, .karl, .kuub, .kvag, .seto, .nesa

Note: This decryption tool may only have successful file recovery if Offline Key is assigned during the encryption process.

54 Comments

  1. suleiman

    hello , i have .lanset Ransomware , i have tried STOPDecrypter and it did not help and said no key to get my files back, thanks for trying helping people.

  2. Antonius

    I tried using StopDecrypter 2.1.0.14 and failed.
    This was from stopdecrypter log.

    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    —————————————-
    STOPDecrypter v2.1.0.14
    OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
    —————————————-

    No key for ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    Unidentified ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    Decrypted 0 files, skipped 50
    Unidentified ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    Decrypted 0 files, skipped 50
    Unidentified ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    Decrypted 0 files, skipped 1
    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    —————————————-
    STOPDecrypter v2.1.0.14
    OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
    —————————————-

    No key for ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    Unidentified ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    Decrypted 0 files, skipped 4
    Unidentified ID: Xl1urvjziPp4WpR88kAgU0AahSCb8B3H0a9uyzeM (.lotep )
    MACs: 48:BA:4E:23:F5:B9, EA:9E:B4:26:49:9D, E8:9E:B4:26:49:9D
    Decrypted 0 files, skipped 12

  3. agung

    for Litar nothing at moment?… my file encrypt with Litar, my computer was install again, but the file alwasy encrypt… if have dedcryptor for Litar , please i hope get me information..
    thanks

  4. Gary Goldie

    Do you have a tool yet that will recover .dotmap infected files

  5. Muhammad Moiz ud din

    Hi guys
    My files are under the affect of ransomware virus and is changed to .DOCM extensions.can you suggest what should i do

  6. sanjeev

    My mov file is encrypted by .lotep. Any solution for this? Please help me.

  7. anaz

    [!] No keys were found for the following IDs:
    [*] ID: pUG6BmaVLXRVKGshOibLl3U3NV6mNpvVRga5qbOl (.budak )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 4C:72:B9:67:11:EF, 02:E0:2A:2D:FC:93, 00:E0:2A:2D:FC:93, 00:E0:2A:2D:FC:93
    This info has also been logged to STOPDecrypter-log.txt

  8. anaz

    Hi,
    i have .budak Ransomware , i have tried STOPDecrypter and it did not help and said no key to get my files back, thanks for trying helping people.

  9. HENDRI MARJONI

    Help me please !
    .LAPOI

  10. PD Watersheds, Malkangiri

    My files are affected of Ransomware and file format is .LAPOI, if any solutions for decrypt files please reply.

  11. Basanta Das

    My files are under the affect of ransomware virus and is changed to .gerosan extensions. Can you suggest what should I do?

  12. amel

    help!

    my file infected by .access

    +] File: D:\COBA\form_realisasi_skp_jfu(1).docx.access
    [-] No key for ID: vS3iNXrZw6Ex5PBa9JSE3ARZZnJTYR61PcMAvLKr (.access )

    Decrypted 0 files!
    Skipped 1 files.

    [!] No keys were found for the following IDs:
    [*] ID: vS3iNXrZw6Ex5PBa9JSE3ARZZnJTYR61PcMAvLKr (.access )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 42:52:CB:8C:82:08, 22:52:CB:8C:82:08, 12:52:CB:8C:82:08, 98:EE:CB:1E:1F:6C, 30:52:CB:8C:82:08, 30:52:CB:8C:A9:18
    This info has also been logged to STOPDecrypter-log.txt

  13. Greg H

    please help me

    I was infected with the .access djvu variant

    [!] No keys were found for the following IDs:
    [*] ID: ReORV6ShrtWNuJ0ceWs0HqhvCbzW3XJQmmwGQpt1 (.access )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 9C:4E:36:A4:CE:49, 9C:4E:36:A4:CE:48, 00:8C:FA:43:83:03
    This info has also been logged to STOPDecrypter-log.txt

  14. sandeep

    My computer has been infected by .nelasod ransomware STOP(djvu). Will I be able to decrypt my files using the STOPdecryptor?

    Many Thanks.

  15. John

    mogranos please?

  16. jagadeesh

    Please help me
    Recently my pc infected with .cosakos. how to recover infected files.

  17. Sai nathan

    My PC was attacked by .cosakos ransomware.

  18. Raj Kumar Vemula

    Please Help Anybody
    .access ransomware encrypted all data
    stopdecrypter showing like this
    No key for ID: 5XWMxDBly6zhKPdqw1d2UCdqc0h6brdAKqM7ndDx (.access )
    Unidentified ID: 5XWMxDBly6zhKPdqw1d2UCdqc0h6brdAKqM7ndDx (.access )
    MACs: E0:D5:5E:1D:93:74
    Decrypted 0 files, skipped 10

  19. Raj Kumar Vemula

    Is there any updates for Stopdecrypter..

    or
    any other decrypter for online key for .access ransomware

  20. kamalakannan

    My computer has been infected by .nelasod ransomware STOP(djvu). Cannot recover my files. Guide me and help me please.

  21. Muhammad Umar

    please help me

    I was infected with the .access budak variant

    [!] No keys were found for the following IDs:

    [*] ID: KEZ9EJizJXRkva1MWt1j4GTRP0nO3uDbuxKS0aeZ (.budak )
    [*] ID: KEZ9EJizJXRkva1MWt1j4GTRP0nO3uDbuxKS0aeZ (.jpg )
    [*] ID: KEZ9EJizJXRkva1MWt1j4GTRP0nO3uDbuxKS0aeZ (.mp4 )
    [*] ID: KEZ9EJizJXRkva1MWt1j4GTRP0nO3uDbuxKS0aeZ (.exe )
    [*] ID: KEZ9EJizJXRkva1MWt1j4GTRP0nO3uDbuxKS0aeZ (.Mp3 )
    This info has also been logged to STOPDecrypter-log.txt

    Please archive the following info in case of future decryption:
    [*] MACs: 7C:05:07:0E:78:3C, 6C:60:EB:21:64:F8, 6C:60:EB:21:64:FF, 6C:60:EB:21:64:FE

  22. edopo

    help me please…. :'(

    No key for ID: necn7Y19ObqqAIAPY1ANQ7KdycaFdRabRv94rnig (.access )
    Unidentified ID: necn7Y19ObqqAIAPY1ANQ7KdycaFdRabRv94rnig (.access )
    MACs: 52:10:B3:DD:FB:8E, 12:10:B3:DD:FB:8E, 30:10:B3:DD:FB:8E, C4:54:44:E5:4C:74
    Decrypted 0 files, skipped 10
    Unidentified ID: necn7Y19ObqqAIAPY1ANQ7KdycaFdRabRv94rnig
    MACs: 52:10:B3:DD:FB:8E, 12:10:B3:DD:FB:8E, 30:10:B3:DD:FB:8E, C4:54:44:E5:4C:74
    —————————————-
    STOPDecrypter v2.1.0.18
    OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
    —————————————-

  23. arvind

    please help me

    STOPDecrypter v2.1.0.21
    OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
    —————————————-

    No key for ID: WZ0ia3G6M61UOspFZTrGEdvsa7aZwGMIxcOsJvyr (.bopador )
    Unidentified ID: WZ0ia3G6M61UOspFZTrGEdvsa7aZwGMIxcOsJvyr (.bopador )
    MACs: FC:AA:14:EC:61:23, 80:1F:02:F5:11:CA, 80:1F:02:F5:11:CA
    Decrypted 0 files, skipped 180

  24. ahmed

    there is new malware .prandel

  25. ruwan

    Thank you admin
    I’m in Sri Lannka. I recovered some files with .access virus.
    But some files shows no key. Please tell me how to recover it? Thank you again.
    +] File: F:\ishan pradiya album\8.jpg.access
    [-] No key for ID: wosaTSy7AlfjSoVc0CR7TZuJOAEwL8exg77SQuyf (.access )

  26. Atiq

    My computer is affected by brusaf

    Can I get a decrypter

  27. Taikhoan

    All my data on C and D drive were infected by .lokas ransomware on July 10th 2019, I used malware tool for remove ransomware and now I need to recover all data. What should I do, please I tell me how to solve this issue. Thanks a lot.

  28. Gazza

    help with .londec please

  29. wulan

    Please help me!!!
    a new virus .cosakos

    [-] No key for ID: f6CpjyUZEtQXAK6E8NipHbxNFBNlo6u2a9zR5j2I (.cosakos )

    Decrypted 0 files!
    Skipped 37 files.

    [!] No keys were found for the following IDs:
    [*] ID: f6CpjyUZEtQXAK6E8NipHbxNFBNlo6u2a9zR5j2I (.cosakos )
    [*] ID: f6CpjyUZEtQXAK6E8NipHbxNFBNlo6u2a9zR5j2I (.mp4 )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: E4:D5:3D:96:95:15

  30. ARHAM

    I HAVE .LONDEC EXTENSION HOW I REMOVE

  31. Prakash

    Need decryptor for .bopador please help

  32. Prem

    help me my all files are infected by .berosuce ransom virus

  33. naveen

    .pedro iile how to remove

  34. Awanit

    No key for ID: Nq6q9ogxKDZS4dZaTq4vJJp9yU7xHgx4Y5q1ibC0 (.masodas )

  35. Jorge

    No key for ID: UQggsjUvBojOFwDxUMb310I1tsiVr8vuPL5W7QbX (.nasoh )
    Unidentified ID: UQggsjUvBojOFwDxUMb310I1tsiVr8vuPL5W7QbX (.nasoh )
    MACs: 5E:C1:77:B0:7B:68, 00:1C:C0:FE:3D:22, C8:3A:35:CC:0E:2B
    Decrypted 0 files, skipped 4

  36. icecreamman

    new malware in town..
    .pedro
    tried most of decryption softwares.. none helped.. used STOPDecryptor, it recovered 1 file out of 222 files..

  37. dimitroff

    MACs: C8:D9:D2:EE:B2:CA, DA:9C:67:60:A7:DD, FA:9C:67:60:A7:DD, D8:9C:67:60:A7:DD, D8:9C:67:60:A7:DE

  38. arno

    this is my mac adress MACs: B8:AC:6F:E1:E7:C4

  39. essam ghena

    [!] No keys were found for the following IDs:
    [*] ID: tZuB1dP5rqlJy7K6rkl4KpwItbtmgFLKKUOzth8R (.gerosan )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: F8:B1:56:A7:7F:6A, 00:FF:76:A4:F0:F3, 00:FF:4B:59:AB:AB, 90:F6:52:0E:FE:67

  40. essam ghena

    [+] Loaded 83 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: tZuB1dP5rqlJy7K6rkl4KpwItbtmgFLKKUOzth8R
    [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
    [*] MACs: F8:B1:56:A7:7F:6A, 00:FF:76:A4:F0:F3, 00:FF:4B:59:AB:AB, 90:F6:52:0E:FE:67
    This info has also been logged to STOPDecrypter-log.txt

  41. ddn

    No key for ID: e0T41vnQRoiVioyaEdBVIrM0b2o9Pkc8pT1uNTuc (.londec )
    Unidentified ID: e0T41vnQRoiVioyaEdBVIrM0b2o9Pkc8pT1uNTuc (.londec )
    MACs: B8:03:05:05:F4:5C, B8:03:05:05:F4:5F, B8:03:05:05:F4:5B, E8:03:9A:21:FD:78
    Decrypted 0 files, skipped 5
    MACs: B8:03:05:05:F4:5C, B8:03:05:05:F4:5F, B8:03:05:05:F4:5B, E8:03:9A:21:FD:78

    Please help

  42. James Goti

    Hi,
    i have .masodas Ransomware , i have tried STOPDecrypter and it did not help and said no key to get my files back,any more tool Decrypter.

  43. MOH HUSNAN

    Do you have a tool yet that will recover .gero files

  44. mourad

    hi
    my computer is infected with nvetud virus
    Is there any updates for Stopdecrypter..
    or
    any other decrypter for online key for .nvetud ransomware
    thanks

  45. Yasin Khan

    Decrypt .gero & .hese Please

  46. David

    hello guys.
    my computer is infected with hese.. please help me recover my files please.

  47. abdulrehman

    hi.. my copmuter is effected by .hese ransomeware, can i get any decrypter for my computer??

  48. strider

    STOPDecrypter doesn’t decrypt .heroset files. Don’t bother downloading STOPDecrypter if you are infected with .heroset

  49. PAPP ZSOLT

    HELLO
    MY PC IS INFECTED WHIT *.*NASOH
    NO DECRYPTER WORKS

    PLEASE HELP ME
    PERSONALID: 145mJhTccFAqaVdnTNNg1BNhafLbbV2esn3fECysRNvF5wQ8VI

    No key for ID: AqaVdnTNNg1BNhafLbbV2esn3fECysRNvF5wQ8VI (.nasoh

  50. Osanda

    No key for ID: M5DZiTJAwyhnvx8jy5wW0RkzyjGnT5kTWYzlziWT (.nasoh )

  51. kalyan baidya

    Hi,

    Kindly help me please. My two systems are infected with .nesa and .masok.

    I had download the latest version of STOPDecrypter and it skipped the files.

    Kindly look into the matter and I shall be highly grateful to U.

    STOPDecrypter v2.2.0.0
    OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
    —————————————-No key for ID: YBOvIzusOa11XzxV7LAngMgmb6qJB5e90Wp0u5t1 (.nesa )
    No key for ID: GHMXOls58PO6w7DONvsn6wiutZaGgKcIcNIEuTsS (.masok )

    Kindly Help Us.

  52. Indika

    I need .domn extension decryption tool..
    Thanks

  53. Rajitha

    meds file recovery

  54. Ahmii

    how to get back my data From (.meds Ransomware Virus) Infected Files ? i Need Help

Leave a Comment

Your email address will not be published. Required fields are marked *

Please support this website. Kindly hit LIKE button below and continue browsing the site.