0x1 勒索軟體解密工具
[Apocalypse勒索軟體解密工具]
https://www.pcrisk.com/removal-guides/10111-apocalypse-ransomware
[Alcatrazlocker勒索軟體解密工具]
https://files.avast.com/files/decryptor/avast_decryptor_alcatrazlocker.exe
[Alma勒索軟體解密工具]
https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter
[Alpha勒索軟體解密工具]
https://dl.360safe.com/Decryptor_AlphaDecrypter.cab
[AL-Namrood勒索軟體解密工具]
https://www.pcrisk.com/removal-guides/10535-al-namrood-ransomware
[Apocalypse 勒索病毒解密工具]
http://blog.emsisoft.com/2016/06/29/apocalypse-ransomware-which-targets-companies-through-insecure-rdp/
[Autolocky勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/decrypted-the-new-autolocky-ransomware-fails-to-impersonate-locky/
[Bart勒索病毒解密工具]
http://phishme.com/rockloader-downloading-new-ransomware-bart/
[BitDtak勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip
[BarRax勒索軟體解密工具]
https://blog.checkpoint.com/wp-content/uploads/2017/03/BarRaxDecryptor.zip
[CryptON 勒索病毒解密工具]
http://blog.emsisoft.com/2017/03/07/emsisoft-releases-free-decrypter-for-crypton-ransomware/
[CoinVault勒索軟體解密工具]
https://www.bleepingcomputer.com/virus-removal/coinvault-ransomware-information
[CryptXXX勒索病毒解密工具]
http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information
[Crypt0勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/Crypt0Decrypter.zip
https://www.pcrisk.com/removal-guides/10478-crypt0-ransomware
[Crypt38Keygen勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.zip
[Crypren勒索軟體解密工具]
https://github.com/pekeinfo/DecryptCrypren
http://www.nyxbone.com/malware/Crypren.html
[CryptComsole勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/CryptConsoleDecrypter.zip
[Crytomix勒索軟體解密工具]
https://files.avast.com/files/decryptor/avast_decryptor_cryptomix.exe
[CryptoHostKeygen勒索軟體解密工具]
https://github.com/Demonslay335/CryptoHostKeygen
[Cry9勒索軟體解密工具]
https://www.pcrisk.com/removal-guides/11199-cry9-ransomware
http://blog.emsisoft.com/2017/04/04/remove-cry9-ransomware-with-emsisofts-free-decrypter/
[CoinVault勒索軟體解密工具]
https://www.nomoreransom.org/uploads/CoinVaultDecryptor.zip
[Cryptinfinite勒索軟體解密工具]
https://www.pcrisk.com/removal-guides/9568-cryptinfinite-ransomware
[CrazyCrypt勒索密鑰生成工具]
https://edr.sangfor.com.cn/file/tool/CrazyCrypt_Password.rar
[DXXD勒索病毒解密工具]
http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/
[DoNotOpen勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip
[Decrypt Protect[mbl advisory]勒索病毒解密工具]
http://www.malwareremovalguides.info/decrypt-files-with-decrypt_mblblock-exe-decrypt-protect/
[Enigma勒索軟體解密工具]
https://www.im-infected.com/ransomware/remove-enigma-ransomware-virus-removal.html
[EduCrypt勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/the-educrypt-ransomware-tries-to-teach-you-a-lesson/
[GhostCrypt勒索病毒解密工具]
http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/
[GhostCrypt勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/GhostCryptDecrypter.zip
[Gomasom勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/
[GandCrab勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/
[Hidden tear勒索軟體解密工具]
https://files.avast.com/files/decryptor/avast_decryptor_hiddentear.exe
https://download.bleepingcomputer.com/demonslay335/hidden-tear-decrypter.zip
[HydraCrypt/UmbreCrypt勒索病毒解密工具]
http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/
[HydraCrypt勒索軟體解密工具]
https://tmp.emsisoft.com/fw/decrypt_hydracrypt.exe
[Hidden Tear勒索軟體解密工具]
https://www.cyber.nj.gov/threat-profiles/ransomware-variants/hidden-tear
[InsaneCrypt勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/InsaneCryptDecrypter.zip
[Ims00rry勒索軟體解密工具]
https://securityaffairs.co/wordpress/88376/malware/ims00rry-ransomware-decryptor.html
https://www.emsisoft.com/decrypter/ims00rry
[Jigsaw勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/jigsaw-ransomware-becomes-cryptohitman-with-porno-extension/
[JuicyLemon勒索軟體解密工具]
https://dl.360safe.com/Decryptor_JuicyLemonDecoder.cab
[JigSaw勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip
[Lockcrypt勒索軟體解密工具]
https://labs.bitdefender.com/wp-content/uploads/downloads/lockcrypt-ransomware-decryptor/
[Legion勒索病毒解密工具]
http://botcrawl.com/legion-ransomware/
[LockedIn勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/LockedInDecrypter.zip
[MirCop勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/MirCopDecrypter.zip
[Mblblock勒索軟體解密工具]
https://tmp.emsisoft.com/fw/decrypt_mblblock.exe
[Marlboro勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/
[Nullbyte勒索軟體解密工具]
https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/
[NullByte勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/NullByteDecrypter.zip
[Nanolocker勒索軟體解密工具]
https://github.com/Cyberclues/nanolocker-decryptor
[NMoreira勒索軟體解密工具]
https://www.pcrisk.com/removal-guides/10689-nmoreira-ransomware
[NanoLocker勒索病毒解密工具]
http://blog.malwareclipboard.com/2016/01/nanolocker-ransomware-analysis.html
[OpenToYou 勒索病毒解密工具]
http://blog.emsisoft.com/2016/12/30/emsisoft-releases-free-decrypter-for-opentoyou-ransomware/
[Odcodc勒索病毒解密工具]
http://www.nyxbone.com/malware/odcodc.html
[ODCODCDecoder勒索軟體解密工具]
https://dl.360safe.com/Decryptor_ODCODCDecoder.cab
[Pclock勒索軟體解密工具]
https://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/
[PopCorn勒索軟體解密工具]
https://www.elevenpaths.com/downloads/RecoverPopCorn.zip
[Ransom.Cryakl勒索病毒解密工具]
http://blog.checkpoint.com/2015/11/04/offline-ransomware-encrypts-your-data-without-cc-communication/
[Shade勒索軟體解密工具]
https://blog.kaspersky.com/shade-decryptor/12661/
[SanSam勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip
[Unlock92勒索軟體解密工具]
https://download.bleepingcomputer.com/demonslay335/Unlock92Decrypter.zip
[Unlocker勒索軟體解密工具]
https://github.com/kyrus/crypto-un-locker
[Wildfire勒索軟體解密工具]
https://downloadcenter.mcafee.com/products/mcafee-avert/wildfiredecrypt/wildfiredecrypt.exe
0x2 綜合性解密工具網站
卡巴斯基:勒索軟體解密工具集
https://noransom.kaspersky.com/?spm=a2c4g.11186623.2.3.bSlRlm
Avast:勒索軟體解密工具集
https://www.avast.com/zh-cn/ransomware-decryption-tools?spm=a2c4g.11186623.2.5.bSlRlm
Trendmicro:勒索軟體解密方案
https://esupport.trendmicro.com/solution/zh-cn/1115118.aspx?spm=a2c4g.11186623.2.4.bSlRlm
MalwareHunterTeam:勒索軟體解密工具集
https://id-ransomware.malwarehunterteam.com/
nomoreransom:勒索軟體解密工具集
https://www.nomoreransom.org/zh/index.html
Emsisoft:勒索軟體解密工具集
https://www.emsisoft.com/ransomware-decryption-tools/free-download
0x3勒索資訊綜合性查詢網站
botfrei.de網站
https://www.botfrei.de/de/ransomware/galerie.html
0x4卡巴斯基勒索解密工具
Rannoh Decrypter
卡巴出品,盡管逆向勒索軟體是十分困難的,但該産品支援對Rannoh 和CryptXXX的解密。支援對CryptXXX 1、2、3版本的解密,盡管對2和3的處理有時會有bug。
https://www.nomoreransom.org/uploads/RannohDecryptor_how-to_guide.pdf
Wildfire Decryptor
卡巴斯基實驗室和 Intel 安全開發的針對Wildfire的解密工具。該勒索軟體曾被發現荷蘭的一個伺服器一個月獲得了8萬美元,感染了5600台機器。
https://www.nomoreransom.org/uploads/WildFire_Decryptor_how_to.pdf
Chimera Decryptor
卡巴更新其Rakhni utility打造的Chimera 解密器。
https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf
Shade Decryptor
卡巴和Intel安全開發的針對Shade的解密工具,曾恢複了25萬的密鑰。
https://www.nomoreransom.org/uploads/ShadeDecryptor_how-to_guide.pdf
Teslacrypt Decryptor
卡巴和Intel針對Teslacrypt的解密工具。
https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf
CoinVault Decryptor
卡巴針對CoinVault 和Bitcryptor的解密工具,搞定了至少1.4萬解密密鑰。
https://www.nomoreransom.org/uploads/CoinVault-decrypt-howto.pdf
0x5 注意事項
解密器(連結)均由網際網路搜集而來,隻對工具資訊進行彙總,不保證解密工具的可行性和安全性,使用者應做好資料備份,以防止不必要的損失。
使用解密工具您需要注意以下事項:
1、選擇對應家族(如有版本也應選擇對應版本)的解密工具;
2、解密前需對重要的資料進行備份(即使處于被加密狀态),以防止解密失敗造成損失;
3、解密前需確定系統中的勒索病毒已被清除,否則可能遭到重複加密;
4、部分解密工具可能需要特定的解密環境(如在原始受感染的主機上進行解密、需要同時提供加密檔案和原檔案等),具體情況參考工具中的說明;
5、解密工具可能隻對某些家族的特定變種或版本生效。
![BlackCat勒索軟體啟用了新的簽名核心驅動程式[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)