Stay one step ahead of ransomware – Emsisoft’s Decrypter page

Stay one step ahead of ransomware – Emsisoft’s Decrypter page

At Emsisoft, we do not simply care about our products. We are also pretty freaking excited about our work, because we love what we do. With that passion for our industry we are proud to have a bunch of dedicated ransomware geeks aboard who spend a lot of time cracking new encryptions. We call them masterminds, internally, because we think they are. So, if these masterminds come across a new crypter they instantly find out if it’s crackable – and how to. If so, we’ll build a decrypter.

If a ransomware attack happens it’s all about time. Usually the victims have only one choice: Pay, or lose the data. In a very short amount of time. That is why our masterminds scan and check for new ransomware every day, mornings, evenings – even at night. The faster a solution is widely available to the public to decrypt a specific fraud, the less criminal hackers will get.


Stay ahead of ransomware – check for decrypter on Emsisoft’s Decrypter page

A decrypter can help victims of these scams instantly to regain access to their computer. Just drag the decrypted file into the decrypter that has affected your data. Best part: At Emsisoft, you’ll get those for free. Because in the end, we do simply care about you. Check out our new Emsisoft Decrypter page for all currently available decrypters. Speaking of – we’re out, searching for new threats, and ways to decrypt them.

>> Meanwhile, see it for yourself: Emsisoft Ransomware Decrypter Downloads

Because: We’re here to fix that!

  • Donovan Moser

    Question about the decryptor tool for 777 – if the file exists that the decrypt would be renamed to, does it overwrite or can it skip? – I had to manually restore some files from backup to get the server back up and running enough to run the tool- but don’t want to over-write files that exist if the tool encounters them?

  • cat1092

    This is also why including keeping active protection with either Emsisoft Anti-Malware or Internet Security, one need to backup offline, every night is a business, at least weekly if Home user, then the backup drive(s) detached from computers(s). Keeping as many backups as possible is key, because some may linger a month before pulling the fatal trigger.

    Backups has to be a central point of any computer security plan, by having these, one can avoid ransom payment by restoring the drive(s) from the most recent. That is, after a secure erase of the drive, if SSD, or a more potent tool such as Darin’s Boot & Nuke on HDD’s, booting from the CD & typing ‘autonuke’ at the prompt. This may take overnight to run, depending on size of the drive.

    Then to ensure on a HDD that no infection resides in the Bootloader, use a bootable partition tool to reset MBR to the OS being used, or closest to it.

    Once the drive is clean, then it’s safe to restore the OS.

    Cloning important drives daily & swapping can also help with businesses, and the same for Home users, though on a less frequent schedule. All data should go to another drive as created (preferably detachable external) & should be imaged more often than the OS drive or partition. Should also be detached as soon as any data is copied/saved.

    I see this all the time on Bleeping Computer, way too many computer owners falls prey to this, w/out the first backup, nor have created recovery media sets to restore the OS, all too often, while at the same time depending on ‘free’ (some with PUP’s built in) AV solutions. Security should not include popups for 3rd party offerings, while it’s OK to remind when it’s approaching renewal time with or w/out a promo, anything other is unacceptable.

    It’s a wonder (yet thankfully) that we don’t see more of these attacks, those running unsupported OS’s are at the most risk. While AV/IS solutions can protect against a lot of attacks, these can’t nor are designed to, patch the OS when needed. And when unsupported, becomes riddled with bullet holes that no security can protect.

    So it’s best to run supported Windows, use a quality security offering like Emsisoft provides, have an adequate backup protections plan for your needs in place (and don’t forget to unplug these when not used), keep important data off of the ‘C’ drive as created, chances of paying Ransom are much slimmer.

    Sounds complicated? It’s not, anyone can do all of the above with little effort, and in the case of the hospital in the article, chances are, this happened because of lax employee Internet access. All it takes is the opening of one bad email, the heat is on. Employers should not permit those other than key employees needed for day to day operations to have outside Internet access for any reason. They can bring their smartphones or notebooks for checking their own emails, or course off on the company’s network. Maybe one that’s used for guest access where appropriate, otherwise have a strict network policy.


  • Chris

    Hi all. My PC got attacked by ransomware called Cerberus. I managed to remove the malware, but all files are still encrypted. See sample.. How do I decrypt the files??