The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Ransomware Decryption software

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free

PyLocky Ransomware Decryption Tool Released — Unlock Files For Free

January 11, 2019Mohit Kumar
If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here. Security researcher Mike Bautista at Cisco's Talos cyber intelligence unit have released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware to unlock their encrypted files for free without paying any ransom. The decryption tool works for everyone, but it has a huge limitation—to successfully recover your files, you must have captured the initial network traffic (PCAP file) between the PyLocky ransomware and its command-and-control (C2) server, which generally nobody purposely does. This is because the outbound connection—when the ransomware communicates with its C2 server and submit decryption key related information—contains a string that includes both Initialization Vector (IV) and a password, which the ransomware generates randomly to encrypt the file
CoinVault Ransomware Authors Sentenced to 240 Hours of Community Service

CoinVault Ransomware Authors Sentenced to 240 Hours of Community Service

July 26, 2018Mohit Kumar
Almost three years after the arrest of two young Dutch brothers, who pleaded guilty to their involvement in creating and distributing CoinVault ransomware malware , a district court in Rotterdam today sentenced them to 240 hours of community service. In 2015, the two suspects — Melvin (25-year-old) and Dennis van den B. (21-year-old) — were arrested from Amersfoort on suspicion of involvement in CoinVault ransomware attacks. The duo was arrested by law enforcement with the help of researchers from Kaspersky Labs , who reverse-engineered the malware and found the full name of one of the suspects and their IP address left accidentally on the command and control server. CoinVault ransomware campaign that began in May 2014 was one of the most successful file-encrypting ransomware program of its time that encrypted over 14,000 Windows computers worldwide, primarily the Netherlands, the US, the UK, Germany, and France. Just like other ransomware attacks, the sole intent of CoinVau
Free Thanatos Ransomware Decryption Tool Released

Free Thanatos Ransomware Decryption Tool Released

June 26, 2018Swati Khandelwal
If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search is over here. Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos encrypted files for free without paying any ransom in cryptocurrencies. Like all ransomware threats, Thanatos encrypts files and asks victims to pay for ransom in multiple cryptocurrencies, including Bitcoin Cash, to decrypt their files. "Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild," the researchers say.  "Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Inste
Jaff Ransomware Decryption Tool Released – Don't Pay, Unlock Files for Free

Jaff Ransomware Decryption Tool Released – Don't Pay, Unlock Files for Free

June 15, 2017Swati Khandelwal
Hit by Jaff Ransomware? Don't pay the Ransom. You can unlock your files for Free! Kaspersky Labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff ransomware . Security researchers at Kaspersky Labs have discovered a weakness in the Jaff ransomware code that makes it possible for victims to unlock their Jaff-infected files for free. First identified last month, Jaff is relatively new ransomware that's being distributed with the help of ' Necurs botnet ' that currently controls over 6 million infected computers worldwide. Necurs botnet is the same botnet – army of compromised internet connected devices – that was used to distribute Dridex Banking Trojan and Locky ransomware , which also infects users’ machines, encrypt files and then demand a ransom before unlocking them. Jaff ransomware (Trojan-Ransom.Win32.Jaff) attack is primarily carried out by sending
WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

May 19, 2017Swati Khandelwal
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems. WannaCry Ransomware Decryption Keys The WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers, a "public" key and a "private" key for encrypting and decrypting the system’s files respectively. To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to
Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware

Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware

May 12, 2017Mohit Kumar
A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed "Jaff," the new file-encrypting ransomware is very similar to the infamous Locky ransomware in many ways, but it is demanding 1.79 Bitcoins (approx $3,150), which much higher than Locky, to unlock the encrypted files on an infected computer. According to security researchers at Forcepoint Security Lab, Jaff ransomware, written in C programming language, is being distributed with the help of Necurs botnet that currently controls over 6 million infected computers worldwide. Necurs botnet is sending emails to millions of users with an attached PDF document, which if clicked, opens up an embedded Word document with a malicious macro script to downloads and execute the Jaff ransomware, Malwarebytes says . Jaff is Spreading at the Rate of 5 Million per Hour The malicious email camp
No More Ransom — 15 New Ransomware Decryption Tools Available for Free

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

April 05, 2017Mohit Kumar
No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals. The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools. Since December, more than 10,000 victims from all over the world have been able to decrypt their locked up devices without spending a penny, using ransomware decryption tools available free of charge on this platform. Statistics show that most of the website visitors were from Russia, the Netherlands, the U.S., Italy, and Germany. The pla
KillDisk Ransomware Targets Linux; Demands $250,000 Ransom, But Won't Decrypt Files

KillDisk Ransomware Targets Linux; Demands $250,000 Ransom, But Won't Decrypt Files

January 06, 2017Swati Khandelwal
What you'll do if Ransomware infects you? Should you pay or not to recover your files? Believe me, the FBI advises - Pay off the criminals to get your files back if you don't have a backup. But paying off a ransom to cyber criminals is definitely not a wise option because there is no guarantee that you'll get the decryption key in return. In the latest incident, the new variant of KillDisk ransomware has been found encrypting Linux machines, making them unbootable with data permanently lost. What is KillDisk? KillDisk is a destructive data wiping malware that has previously been used to sabotage companies by randomly deleting files from the computers. KillDisk is the same component associated with the Black Energy malware that was used to hit several Ukrainian power stations in 2015, cutting power for thousands of people. But according to ESET security researchers, the nasty KillDisk disk wiper malware is back with new variants that target Windows and Lin
Researcher releases Free Ransomware Detection Tool for Mac OS X Users

Researcher releases Free Ransomware Detection Tool for Mac OS X Users

April 20, 2016Mohit Kumar
In Brief: Introducing  RansomWhere , a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes. This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process. Ransomware has risen dramatically since last few years... so rapidly that it might have already hit someone you know. With hundred of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection , then what else can we do? Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption algori
How to decrypt Petya Ransomware for Free

How to decrypt Petya Ransomware for Free

April 12, 2016Mohit Kumar
Ransomware has risen dramatically since last few years and is currently one of the most popular threats on the Internet. The Ransomware infections have become so sophisticated with the time that victims end up paying ransom in order to get their critical and sensitive data back. But if you are infected with Petya Ransomware , there is good news for you. You can unlock your infected computer without paying the hefty ransom. Thanks to the Petya author who left a bug in the Ransomware code. What is Petya Ransomware? Petya is a nasty piece of ransomware that emerged two weeks ago and worked very differently from any other ransomware. The ransomware targets the victims by rebooting their Windows computers, encrypting the hard drive's master boot file, and rendering the master boot record inoperable. Also Read:  How to Decrypt CoinVault and Bitcryptor Ransomware A master boot record (MBR) is the information in the first sector of any hard disk that ide
Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

February 18, 2016Unknown
Ransomware has seriously turned on to a noxious game of Hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers had sealed all its sensitive files and demanded $17,000 USD to regain the access to those compromised data. The devastation of the compromised files can be pitched as: Compromised emails Lockout Electronic Medical Record System [EMR] Encrypted patient data Unable to carry CT Scans of the admitted patients Ferried risky patients to nearby hospitals ...and much more unexplained outcomes. The hospital had confirmed that the Ransomware malware had hit its core heart a week before, potentially affecting the situation to grow much worse. Hospital End up Paying $17,000 As the situation was grown out of wild, the hospital paid 40 Bitcoins (Roughly US $17,000) to the Ransomware Criminals to resume their medical operations after gaining the decryption keys. "T
Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

February 13, 2016Unknown
Over the last few years, we have seen several types of Ransomware malware that demand a whopping amount of money from users for the retrieval of their locked, compromised sensitive files. We have also witnessed the birth of decryption solution for some of the Ransomware like Cryptolocker (partial), Coinvault , Rescue Kit . One more solution has recently been released for decryption of newly emerging ransomware, dubbed as Hydracrypt and Umbrecrypt that are propagated through Angler Exploit Kit. Both of the malware belong to CrypBoss ransomware family. The source code of CrypBoss Ransomware was leaked last year on Pastebin, which was later analyzed by Fabian Wosar, a security researcher at Emsisoft. With the help of CrypBoss Source code, Wosar was successfully able to crack the encryption algorithm of the ransomware and quickly made the decryption tool for CrypBoss and its variants ( Hydracrypt and Umbrecrypt ). It is found that both Hydracrypt and Umbrec
Free Ransomware Decryption Tool — CoinVault and Bitcryptor

Free Ransomware Decryption Tool — CoinVault and Bitcryptor

October 31, 2015Swati Khandelwal
Have you been infected with the insidious CoinVault or Bitcryptor ransomware? If so, there is some potentially good news for you. You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab. Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of encryption keys from command-and-control (C&C) servers used by two related ransomware threats – CoinVault and Bitcryptor . Security researchers first observed CoinVault ransomware attacks in May 2014. Since then, CoinVault has made more than 1,500 victims in more than 108 countries. In April 2015, the Dutch police obtained ' Decryption keys ' database from a seized command and control server of CoinVault. Ransomware Decryption Tool Those decryption keys were then used by Kaspersky Lab to set up a Ransomware Decryptor Service , which included a set of around 750 decryp
FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money'

FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money'

October 27, 2015Mohit Kumar
Your Headache is not my Problem. If your computer gets hacked and infected with malware that holds your data for ransom, just pay off the criminals to see your valuable data again and do not expect the FBI to save them – it's what the FBI is advising concerning ransomware . Ransomware is a sophisticated malicious software that lets hacker encrypts all the contents of a victim's hard drive or/and server and demands ransom (typically in Bitcoins) for the decrypt key. Also Read:   Free Ransomware Decryption and Malware Removal ToolKit Federal agencies and the FBI have long urged people not to pay ransom to the criminals, as there is no guarantee that they will even receive an unlock key. The FBI – 'Better Pay up the Ransom' However, while speaking at the 2015 Cyber Security Summit on Wednesday, Assistant Special Agent Joseph Bonavolonta , who oversees the FBI's Boston office, advised the companies infected with ransomware to better pay up th
CoinVault Ransomware Decryption Tool Released

CoinVault Ransomware Decryption Tool Released

April 14, 2015Mohit Kumar
Are you one of those Windows users who have found themselves as victims of the CoinVault Ransomware ? If Yes, then we have a Good news for you: Victims of CoinVault ransomware can now decrypt their files encrypted by malware using a free tool released by Kaspersky Lab. With the Help of The National High Tech Crime Unit (NHTCU) of the Dutch Police, Security Researchers at Kaspersky Labs have developed ' CoinVault Ransomware Decryptor ' that decrypts files locked by ransomware like CoinVault. Ransomware malware is a growing cyber threat in which hackers primarily gain access to a user’s system and demand a ransom be paid. Ransomware malware infects a computer or device to restrict the user’s access to the infected computer. Typically, the ransomware malware will either 'lock' the computer to prevent normal usage or encrypt the files on it to prevent access. Recently, during an investigation of the CoinVault ransomware, the Dutch police we
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.