How to decrypt (restore) files corrupted by ransomware

Ever since people mastered writing, ciphers have been appearing. Codes were used for military purposes or to keep correspondence between individuals confidential. The first ciphers were fairly simple, but over time they became increasingly complex, and the Middle Ages produced ciphers that remain a mystery even to modern scientists because of their unusual structure. Today cryptography is developing very rapidly, because people have mastered methods of storing and transmitting almost unlimited amounts of information. In ancient times a cipher's complexity came from its unusual structure and strange characters, but that complexity was limited by primitive methods of transmitting information. Now an average home computer can easily create encrypted text of any complexity.

At the end of the 20th century and in the early 21st, the encryption algorithms were invented that are still used by intelligence agencies, major companies and other institutions and individuals around the world: RSA and AES. These algorithms are fundamentally different from each other in structure, but they have one thing in common: they cannot be deciphered without the key. These ciphers cannot be cracked by simple brute force, as it takes too much time to break them. For example, the first successful attempt at breaking an RSA cipher was made in 1993 by a group of enthusiasts who used the computing power of 1,600 computers for 6 months to decrypt the encrypted text. The text was 6 words long. Since then, the encryption has been continuously improved, and it is now one of the most reliable in the world. AES encryption, despite numerous claims, has not been fully compromised, as all the proposed methods require special conditions (a large number of files encrypted with the same key, the ability to use the same system that was used by the person who encrypted the file, and so on). In theory these methods can be considered successful; in practice they are impossible to carry out with only the encrypted file.

Because both of these algorithms are in the public domain, hackers and cybercriminals began to use them. In the last ten years, Internet users have begun to suffer from a new type of virus that penetrates their computers, encrypts their information and demands a ransom for its decryption. Such programs are called ransomware, and they are considered the most dangerous of all the viruses on the Internet. Although all users look for a way to "decrypt" encrypted files, this word is in fact inappropriate here; it should rather be called "data recovery".

There is only one sure way to restore data encrypted by ransomware: loading backups. A backup (a previously saved copy of the entire system or of separate files) should be made as often as possible and stored on an external hard drive, which should be kept disconnected from the computer. If all of these conditions have been met, then when your computer is infected by any type of encrypting virus you just need to clean the ransomware off your computer and load the backups. If you haven't made backups, the task becomes much more difficult. Some simple ransomware has a weakness that allows data to be recovered using the built-in Windows service called Shadow Volume Copies. This service, when turned on, saves files before they are changed or removed. The service and the files it stores can be accessed both through the operating system's own functionality and with the help of handy programs like Recuva or ShadowExplorer. However, most modern viruses permanently delete all shadow copies, so this method cannot be considered effective.

As we mentioned earlier in this article, it is practically impossible to crack the ciphers used by hackers, so malware fighters work in another direction to neutralize each individual ransomware. Experts from antivirus software manufacturers and enthusiasts look for vulnerabilities in the virus's code, and try to find the C&C centers that control the virus and hack them to gain access to the secret key. Once this happens, they create a decryption program that everyone can use free of charge.

And finally, here is a list of programs developed by leading experts and companies that fight viruses in general and ransomware in particular:

  • Kaspersky Lab has been actively involved in decrypting files encrypted by different viruses, and provides a free program for this purpose, along with a set of instructions for different types of viruses.
  • Emsisoft has developed many programs for decrypting files hit by ransomware, which can be found on its official website.
  • Trend Micro designed decryption programs against such well-known ransomware as TeslaCrypt, Cerber, CryptXXX, Jigsaw and many others. Here are these programs.
  • If you do not know which ransomware you have on your PC, you can easily find out with the help of the MalwareHunterTeam website. You will need to upload the ransom note and a sample of an encrypted file. After that, skilled specialists will examine the sample and tell you which ransomware it is and whether there is a way to decrypt the files.

Of course, there are many other services that help with decrypting corrupted files, but we picked these four because they are the most well-known and reputable, and these companies are always the first to come to grips with new viruses. Many antivirus developers provide similar services to users of their software, or for an additional payment.

If you were unlucky and encountered a previously unknown ransomware about which there is no information on any of these sites, just post a comment and we'll try to help you with your problem.
