How to Decrypt Files Encrypted By Ransomware, Including WannaCry (WNCRY)

Malware is not as simple as it used to be, people are getting smarter and the technology they are using is way more sophisticated than it used to be. On top of this, they are also starting to become more organized and aggressive, ransomware is one of the extremely aggressive methods used to turn a profit. If you've been caught out by ransomware hopefully this guide can help you get your files back.

How to Make Sure Your Facebook Account is Truly Secured.

If you are not 100% familiar with how ransomware works, It's quite similar to how a kidnapper would hold a person hostage and demand money for their freedom. In the case of ransomware, your computer is infected by a file or program which will encrypt your files and data. If you wish your data to be returned safely, you are required to pay the fee demanded. Which can vary depending on what the creator asks for, the success rate for paying the demanded fee is pretty low and usually very expensive.

The only real solution in the past has been to count your losses and restore your data from a backup which you should hopefully have somewhere. Even if it's not completely up to date it's better than the alternative fee. Now though there is an alternative if you have fallen victim to ransomware, Trend Micro has a Decryptor available that can decrypt a good portion of ransomware currently circulating the internet.

Note: If you are looking for a way to limit your possible exposure to any Ransomware including WannaCry, you should make sure that your computer is fully up to date. This includes updating your system from older versions of Windows like XP, Vista, 7 and 8. If you are already running Windows 10 you should make sure that you have updated to the creator's update as well. On top of this, you can also take extra precaution by blocking ports 135 and 445 using Windows Firewall or any other firewall program you might be using.  

Below is this current list of Ransomware supported families that Trend Micro's latest version can handle, which has been recently updated to include some support for Wanna Cry (WCRY) 

CryptXXX V1, V2, V3

XORIST

CryptXXX V4, V5

Teamxrat / Xpan

Crysis

XORBAT

DemoTool

CERBER V1

DXXD

Stampado

TeslaCrypt V1

Nemucod

TeslaCrypt V2

Chimera

TeslaCrypt V3

LeChiffre

TeslaCrypt V4

MirCop

SNSLocker

Jigsaw

AutoLocky

Globe / Purge

BadBlock

V2:

777

V3:

WannaCry (WCRY) WNCRY

.

Download Trend Micro Ransomware File Decryptor.

How to use Trend Micro Ransomware File Decryptor

Once downloaded and installed, the first thing you will need to do is choose the ransomware name from the list. Click Select from the main screen, then choose the name of the Ransomware. If you are not 100% sure of the name, you can select the Option I do not know the ransomware nameThe tool will now ask you to select the target file to be identified. From here the Trend Micro tool will try to automatically identify the ransomware-based on its file signature.

Note: Make sure you are decrypting the files from the original PC that was infected. Do not try to decrypt them from an alternate PC as the results will not be as promising.

The next thing you will need to do is select the file or folder on your PC you want Trend Micro to decrypt. The tool has the option to decrypt a single file or files that are inside a folder, including subfolders. Click Select & Decrypt, choose a folder or a file and click OK to start the decrypting process.

During the encryption process Trend Micro may ask you to provide additional information about the files it is decrypting. Follow the prompts and read the instructions that come with each, to ensure you get the best results. When offered two files with the same name, always choose the larger file as it contains more data. When the scanning and decryption has finished, you will be shown the results, which will include, scan duration, the number of infected files, and the number of files decrypted. The fixed files will have the same name as the original file, however, _fixed will be tagged to the ending so you can easily distinguish between them.

Keep in mind that this tool does have its limitations and might not be able to save all of your files and that the process may take hours, depending on how powerful your computer is. If you are looking for ways to keep yourself safe from this in future you can check out our guide on: 

How to stay safe online and Protect your Data from Harm.

If your files can't be decrypted, you shouldn't write them off just yet, with technology advancing so fast it's only a matter of time before someone comes up with the correct decryption.

Comments