Blog
How to Decrypt Ransomware (with 100% Free Tools)

How to Decrypt Ransomware (with 100% Free Tools)

Catherine Chipeta
Catherine Chipeta
updated Jun 13, 2022

Ransomware attacks are dominating news headlines, with ransomware-as-a-service (RaaS) operators actively seeking to exploit network vulnerabilities and infect unsuspecting victims. The healthcare sector and financial industry are especially vulnerable to ransomware attacks, as they store valuable personally identifiable data (PII) which can be misused to carry out lucrative crimes, like identity theft and fraud. 

During a successful ransomware attack, cyber attackers encrypt this sensitive data, preventing organizations from accessing it. The attackers then demand a hefty cryptocurrency ransom payment in exchange for a decryption key that provides access to it again. 

If your organization is infected by ransomware, time is of the essence to prevent further data breaches. Thankfully, there are now many free decryption tools available to help you defend against common variants of ransomware. Read on to learn how to decrypt ransomware and prevent future infections through defensive measures. 

Skip ahead to our list of the top 10 free ransomware decryption tools.

How To Recover Data From a Ransomware Attack

In the event of a ransomware attack, follow these steps to recover your data. If you’re not sure what ransomware is, read our guide to ransomware here.

1. Find the Source of Infection

Ransomware spreads quickly once it has entered a target system. Many ransomware types, such as cryptoworms, will actively seek multiple infection points. A fast response is crucial to preventing a costly data breach

Firstly, you must identify the source of infection and isolate it from all other devices on the network – both physically and electronically. 

The isolation process involves:

  • Unplugging the device’s power source.
  • Disconnecting the device from Wi-Fi and other network connections.
  • Removing any connected devices, e.g. external storage. 

There’s a high chance that the ransomware has entered through more than one device. You should also treat all devices connected to the first identified source of infection with similar caution and follow appropriate cybersecurity measures

2. Identify the Type of Ransomware You're Infected With

You’ll need to identify which type of ransomware is infecting your systems to take the most appropriate restorative actions. Kaspersky research shows ransomware is rapidly evolving, with new variants emerging at pace with the growing number of attacks.  

While many hackers will identify themselves through the filename of their ransom notes or encrypted files (.exe or .txt). Aside from relying on the file extension, there are also many identification sites now available such as: Crypto Sheriff and ID Ransomware.

Learn more about different types of ransomware.

3. Report to Law Enforcement

Ransomware attackers will demand payment in Bitcoin (or another cryptocurrency) in exchange for a private key to unlock your encrypted files. Most law enforcement agencies urge ransomware victims not to pay the ransom. In many cases, ransom payment only encourages further financial demands and there is no guarantee you will be given access back to your data. Reporting the attack will provide authorities with relevant information to assist in identifying the perpetrators in your case and other similar ransomware attacks.

4. Restore Systems From a Back-Up

Given the rapid development of ransomware and many different types, there is no single way to remove it from your systems. If you have an external backup available, you should completely wipe your systems to restore the original files. Ensure the backup is from a date prior to the ransomware attack to prevent re-infection.

Keep in mind that removing the ransomware doesn’t necessarily decrypt files or restore original files – this can only be done using a ransomware decryptor (if available for the variant of infection). It’s best not to rely solely on these tools and to instead adopt ransomware prevention measures, such as the 3-2-1 back-up strategy and installing an anti-malware / anti-virus solution, to protect against future attacks. 

Learn how to prevent ransomware attacks.

Top 10 Free Ransomware Decryption Tools 

There are currently many free ransomware decryption tools available for some of the most common types of ransomware. Below are the top 10 free decryptor tools to help you recover files encrypted following a ransomware attack. 

1. Avast Ransomware Decryption Tools

Avast currently offers 30 free ransomware decryption tools for Microsoft Windows operating systems. Some ransomware variants covered include:

  • AES_NI
  • Alcatraz Locker
  • Babuk
  • CrySiS
  • CryptoMix (Offline)
  • GandCrab
  • Globe
  • Jigsaw
  • Troldesh / Shade

View the full list of Avast’s ransomware decryption tools.

2. AVG 

AVG currently offers 7 free ransomware decryption tools, for the following variants:

  • Apocalypse
  • BadBlock
  • Bart
  • Crypt888
  • Legion
  • SZFLocker
  • TeslaCrypt

View the full list of AVG’s decryption tools. 

3. Emsisoft

Emsisoft currently offers 84 free ransomware decryption tools, such as:

  • Babuk
  • Cerber
  • CryptXXX
  • Globe
  • Jigsaw
  • REvil / Sodinokibi
  • Trojan.Encoder.6491
  • RSA-NI
  • Unknown XTBL
  • WannaCry
  • Xorist

View the full list of Emisoft’s decryption tools.

4. Kaspersky

Kaspersky currently offers 6 free ransomware decryption tools, for the following variants:

  • Shade Decryptor
  • Rakhni Decryptor
  • Rannoh Decryptor
  • CoinVault Decryptor
  • Wildfire Decryptor
  • Xorist Decryptor

View the full list of Kaspersky’s decryption tools. 

5. McAfee

McAfee’s Ransomware Recover (Mr2) is a framework designed to alleviate the time and resources required to develop a decryption framework from members of the cybersecurity community who have decryption keys and decryption logic.

Learn more about McAfee’s Ransomware Recover (Mr2).

6. No More Ransom Project

The No More Ransom Project is a joint initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee. The project aims to help victims of ransomware retrieve their encrypted data and avoid paying ransom to cybercriminals.

Learn more about the No More Ransom Project.

7. Quick Heal

Quick Heal currently offers 20 free ransomware decryption tools, such as:

  • Troldesh
  • Crysis
  • Cryptxxx 
  • Ninja 
  • Apocalypse
  • STOP Djvu 

View the full list of Quick Heal’s decryption tools.

8. Trend Micro

Trend Micro currently offers 27 free ransomware decryption tools, such as:

  • Globe / Purge
  •  Xorist
  • CryptXXX v1,v2,v3,v4,v5
  • Jigsaw
  • Globe/Purge
  • Crysis
  • WannaCry 

View the full list of Trend Mirco’s decryption tools.

9. WannaDecrypt

WannaDecrypt is a free ransomware decryption tool for 5 ransomware variants, including:

  • WannaCrypt
  • WannaCry
  • WanaCrypt0r
  • WCrypt
  • WCRY

Learn more about WannaDecrypt.

10. Wannakiwi

Based off WannaDecrypt, Wanakiwi is a free ransomware decryption tool for systems affected by WannaCry ransomware.

Learn more about Wanakiwi.

Free

UpGuard logo in white
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan ratingAbstract shape