Looking to streamline your TPRM? Join our Product Deep Dive Webinar with live Q&A!
Register Now
Blog
Resources
Blog
Breaches
eBooks, reports, & more
Events
News
Cybersecurity
Categories
Attack Surface Management
Company News
Compliance and Regulations
Cybersecurity
Data Breaches
DevOps
Human Cyber Risk
Risks and Vulnerabilities
Third-Party Risk Management
Vendor Risk Management
How to Decrypt Ransomware (with 100% Free Tools)
Last updated
December 1, 2025
{x} minute read

How to Decrypt Ransomware (with 100% Free Tools)

Get a demo
Free trial
Download the PDF guide
Free trial
Written by
Catherine Chipeta
Cybersecurity Writer
Catherine's work has influenced leaders in technology, SaaS, government, and financial services.
Reviewed by
Phil Ross
Chief Information Security Officer
Phil is a Forrester Zero Trust Strategist leveraging decades of experience in enterprise cybersecurity architectures.
Table of contents

Ransomware attacks are dominating news headlines, with ransomware-as-a-service (RaaS) operators actively seeking to exploit network vulnerabilities and infect unsuspecting victims. The healthcare sector and financial industry are especially vulnerable to ransomware attacks, as they store valuable personally identifiable data (PII) which can be misused to carry out lucrative crimes, like identity theft and fraud. 

During a successful ransomware attack, cyber attackers encrypt this sensitive data, preventing organizations from accessing it. The attackers then demand a hefty cryptocurrency ransom payment in exchange for a decryption key that provides access to it again. 

If your organization is infected by ransomware, time is of the essence to prevent further data breaches. Thankfully, there are now many free decryption tools available to help you defend against common variants of ransomware. Read on to learn how to decrypt ransomware and prevent future infections through defensive measures. 

Skip ahead to our list of the top 10 free ransomware decryption tools.

upguard demo request cta

How To Recover Data From a Ransomware Attack

In the event of a ransomware attack, follow these steps to recover your data. If you’re not sure what ransomware is, read our guide to ransomware here.

1. Find the Source of Infection

Ransomware spreads quickly once it has entered a target system. Many ransomware or malware types, such as cryptoworms, will actively seek multiple infection points. A fast response is crucial to preventing a costly data breach

Firstly, you must identify the source of infection and isolate it from all other devices on the network – both physically and electronically. 

The isolation process involves:

  • Unplugging the device’s power source.
  • Disconnecting the device from Wi-Fi and other network connections.
  • Removing any connected devices, e.g. external storage. 

There’s a high chance that the ransomware has entered through more than one device. You should also treat all devices connected to the first identified source of infection with similar caution and follow appropriate cybersecurity measures

2. Identify the Type of Ransomware You're Infected With

You’ll need to identify which type of ransomware is infecting your systems to take the most appropriate restorative actions. Kaspersky research shows ransomware is rapidly evolving, with new variants emerging at pace with the growing number of attacks.  

While many hackers will identify themselves through the filename of their ransom notes or encrypted files (.exe or .txt). Aside from relying on the file extension, there are also many identification sites now available such as: Crypto Sheriff and ID Ransomware.

Learn more about different types of ransomware.

3. Report to Law Enforcement

Ransomware attackers will demand payment in Bitcoin (or another cryptocurrency) in exchange for a private key to unlock your encrypted files. Most law enforcement agencies urge ransomware victims not to pay the ransom. In many cases, ransom payment only encourages further financial demands and there is no guarantee you will be given access back to your data. Reporting the attack will provide authorities with relevant information to assist in identifying the perpetrators in your case and other similar ransomware attacks.

Text on a light background that reads reducing the impact of ransomware attacks

Learn how to reduce the impact of ransomware attacks.

Read this post >

4. Restore Systems From a Back-Up

Given the rapid development of ransomware and many different types, there is no single way to remove it from your systems. If you have an external backup available, you should completely wipe your systems to restore the original files. Ensure the backup is from a date prior to the ransomware attack to prevent re-infection.

Keep in mind that removing the ransomware doesn’t necessarily decrypt files or restore original files – this can only be done using a ransomware decryptor (if available for the variant of infection). It’s best not to rely solely on these tools and to instead adopt ransomware prevention measures, such as the 3-2-1 backup strategy and installing an anti-malware / anti-virus solution, to protect against future attacks. 

Learn how to prevent ransomware attacks.

Top 10 Free Ransomware Decryption Tools 

There are currently many free ransomware decryption tools available for some of the most common types of ransomware. Below are the top 10 free decryptor tools to help you recover files encrypted following a ransomware attack. 

1. Avast Ransomware Decryption Tools

Avast currently offers 30 free ransomware decryption tools for Microsoft Windows operating systems. Some ransomware variants covered include:

  • AES_NI
  • Alcatraz Locker
  • Babuk
  • CrySiS
  • CryptoMix (Offline)
  • GandCrab
  • Globe
  • Jigsaw
  • Troldesh / Shade

View the full list of Avast’s ransomware decryption tools.

2. AVG 

AVG currently offers 7 free ransomware decryption tools, for the following variants:

  • Apocalypse
  • BadBlock
  • Bart
  • Crypt888
  • Legion
  • SZFLocker
  • TeslaCrypt

View the full list of AVG’s decryption tools. 

3. Emsisoft

Emsisoft currently offers 84 free ransomware decryption tools, such as:

  • Babuk
  • Cerber
  • CryptXXX
  • Globe
  • Jigsaw
  • REvil / Sodinokibi
  • Trojan.Encoder.6491
  • RSA-NI
  • Unknown XTBL
  • WannaCry
  • Xorist

View the full list of Emisoft’s decryption tools.

4. Kaspersky

Kaspersky currently offers 6 free ransomware decryption tools, for the following variants:

  • Shade Decryptor
  • Rakhni Decryptor
  • Rannoh Decryptor
  • CoinVault Decryptor
  • Wildfire Decryptor
  • Xorist Decryptor

View the full list of Kaspersky’s decryption tools. 

5. McAfee

McAfee’s Ransomware Recover (Mr2) is a framework designed to alleviate the time and resources required to develop a decryption framework from members of the cybersecurity community who have decryption keys and decryption logic.

Learn more about McAfee’s Ransomware Recover (Mr2).

6. No More Ransom Project

The No More Ransom Project is a joint initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee. The project aims to help victims of ransomware retrieve their encrypted data and avoid paying ransom to cybercriminals.

Learn more about the No More Ransom Project.

7. Quick Heal

Quick Heal currently offers 20 free ransomware decryption tools, such as:

  • Troldesh
  • Crysis
  • Cryptxxx 
  • Ninja 
  • Apocalypse
  • STOP Djvu 

View the full list of Quick Heal’s decryption tools.

8. Trend Micro

Trend Micro currently offers 27 free ransomware decryption tools, such as:

  • Globe / Purge
  •  Xorist
  • CryptXXX v1,v2,v3,v4,v5
  • Jigsaw
  • Globe/Purge
  • Crysis
  • WannaCry 

View the full list of Trend Mirco’s decryption tools.

9. WannaDecrypt

WannaDecrypt is a free ransomware decryption tool for 5 ransomware variants, including:

  • WannaCrypt
  • WannaCry
  • WanaCrypt0r
  • WCrypt
  • WCRY

Learn more about WannaDecrypt.

10. Wannakiwi

Based off WannaDecrypt, Wanakiwi is a free ransomware decryption tool for systems affected by WannaCry ransomware.

Learn more about Wanakiwi.

Final Thoughts

Ransomware decryption tools should only be used in the final stages of a comprehensive ransomware defense strategy if all other security controls fail. 

To learn how to implement a series of security controls to reduce the impact of ransomware attacks and potentially avoid the need for decryption tools, read this post.

Related posts

Learn more about the latest issues in cybersecurity.
Cybersecurity

Risk Automations: The Shift From Catch-Up to Command

Connect intelligence to system execution with Risk Automations, your new resolution layer for risk. Reduce remediation from hours to seconds - read more.
Revashni Moodley
Revashni Moodley
December 1, 2025
Cybersecurity

Shai-Hulud's True Lesson for CISOs: A Crisis of Communication

Shai-Hulud was driven by a communication crisis between security and engineering. Get a CISO's perspective on how to finally bridge this gap.
Phil Ross
Phil Ross
December 1, 2025
Cybersecurity

UpGuard’s Updated Cyber Risk Ratings

Discover UpGuard's updates to its cyber risk ratings, including enhanced risk categorization and an improved scoring algorithm.
Nicholas Sollitto
Nicholas Sollitto
July 2, 2025
Cybersecurity

Introducing UpGuard's New SIG Lite Questionnaire

Streamline your data collection and vendor risk assessments with UpGuard’s SIG Lite risk-mapped questionnaire.
Caitlin Postal
Caitlin Postal
June 26, 2025
Attack Surface Management

Typosquatting Explained with Real-World Examples

Learn more about typosquatting, what it is, how it works, and how to protect your business. Explore legal strategies, tools, and real-world examples here.
Abi Tyas Tunggal
Abi Tyas Tunggal
December 1, 2025
Cybersecurity

Why is Cybersecurity Important?

If your business isn't concerned about cybersecurity, it's only a matter of time before you're an attack victim. Learn why cybersecurity is important.
Abi Tyas Tunggal
Abi Tyas Tunggal
December 1, 2025
All posts