Rakhni Decryptor is a general purpose ransomware decryptor created by Kaspersky Labs.
Instead of creating a separate decryptor for each ransomware infection, they created on decryptor that can handle a variety of different families.
Download Rakhni Decryptor
Currently Rakhni Decryptor can decrypt the following ransomware families:
Trojan-Ransom.Win32.Rakhni, Trojan-Ransom.Win32.Agent.iih, Trojan-Ransom.Win32.Aura, Trojan-Ransom.Win32.Autoit, Trojan-Ransom.AndroidOS.Pletor, Trojan-Ransom.Win32.Rotor, Trojan-Ransom.Win32.Lamer, Trojan-Ransom.MSIL.Lortok, Trojan-Ransom.Win32.Cryptokluchen, Trojan-Ransom.Win32.Democry, Trojan-Ransom.Win32.Bitman version 3 and 4, Trojan-Ransom.Win32.Libra, Trojan-Ransom.MSIL.Lobzik, Trojan-Ransom.Win32.Chimera, Trojan-Ransom.Win32.Mircop, and Trojan-Ransom.Win32.Crusis
Of these families, Rakhni Decryptor can decrypt files that have their filenames encrypted and renamed to the one of the following formats:
MISC RANSOMWARE:
"
<filename>.<original_extension>.<locked>
<filename>.<original_extension>.<kraken>
<filename>.<original_extension>.<darkness>
<filename>.<original_extension>.<nochance>
<filename>.<original_extension>.<oshit>
<filename>.<original_extension>.<oplata@qq_com>
<filename>.<original_extension>.<relock@qq_com>
<filename>.<original_extension>.<crypto>
<filename>.<original_extension>.<helpdecrypt@ukr.net>
<filename>.<original_extension>.<pizda@qq_com>
<filename>.<original_extension>.<dyatel@qq_com>
<filename>.<original_extension>_crypt
<filename>.<original_extension>.<nalog@qq_com>
<filename>.<original_extension>.<chifrator@qq_com>
<filename>.<original_extension>.<gruzin@qq_com>
<filename>.<original_extension>.<troyancoder@qq_com>
<filename>.<original_extension>.<encrypted>
<filename>.<original_extension>.<cry>
<filename>.<original_extension>.<AES256>
<filename>.<original_extension>.<enc>
<filename>.<original_extension>.<coderksu@gmail_com_id371>
<filename>.<original_extension>.<coderksu@gmail_com_id372>
<filename>.<original_extension>.<coderksu@gmail_com_id374>
<filename>.<original_extension>.<coderksu@gmail_com_id375>
<filename>.<original_extension>.<coderksu@gmail_com_id376>
<filename>.<original_extension>.<coderksu@gmail_com_id392>
<filename>.<original_extension>.<coderksu@gmail_com_id357>
<filename>.<original_extension>.<coderksu@gmail_com_id356>
<filename>.<original_extension>.<coderksu@gmail_com_id358>
<filename>.<original_extension>.<coderksu@gmail_com_id359>
<filename>.<original_extension>.<coderksu@gmail_com_id360>
<filename>.<original_extension>.<coderksu@gmail_com_id20>
<filename>.crypt@india.com.random_characters>
<filename>.<original_extension>+<hb15>
"
Trojan-Ransom.Win32.Democry:
"
<file_name>.<original_extension>+<._date-time_$address@domain$.777>
<file_name>.<original_extension>+<._date-time_$address@domain$.legion>
"
Trojan-Ransom.Win32.Bitman version 3:
"
<file_name>.<xxx>
<file_name>.<ttt>
<file_name>.<micro>
<file_name>.<mp3>
Trojan-Ransom.Win32.Bitman version 4:
<file_name>.<original_extension> (name and extension are not changed)
Trojan-Ransom.Win32.Libra:
<file_name>.<encrypted>
<file_name>.<locked>
<file_name>.<SecureCrypted>
Trojan-Ransom.MSIL.Lobzik:
<file_name>.<fun>
<file_name>.<gws>
<file_name>.<btc>
<file_name>.<AFD>
<file_name>.<porno>
<file_name>.<pornoransom>
<file_name>.<epic>
<file_name>.<encrypted>
<file_name>.<J>
<file_name>.<payransom>
<file_name>.<paybtcs>
<file_name>.<paymds>
<file_name>.<paymrss>
<file_name>.<paymrts>
<file_name>.<paymst>
<file_name>.<paymts>
<file_name>.<payrms>
"
TROJAN-RANSOM.WIN32.MIRCOP:
Lock.file_name.original extension
TROJAN-RANSOM.WIN32.CRUSIS:
"
.ID<…>.@..xtbl
.ID<…>.@..CrySiS
.id-<…>.@..xtbl
.id-<…>.@..CrySiS
"
DHARMA RANSOMWARE:
"
.[3angle@india.com].dharma
.[amagnus@india.com].dharma
.[base_optimal@india.com].dharma
.[bitcoin143@india.com].dharma
.[blackeyes@india.com].dharma
.[doctor.crystal@mail.com].dharma
.[dr_crystal@india.com].dharma
.[emmacherry@india.com].dharma
.[google_plex@163.com].dharma
.[mr_lock@mail.com].dharma
.[opened@india.com].dharma
.[oron@india.com].dharma
.[payforhelp@india.com].dharma
.[savedata@india.com].dharma
.[singular@india.com].dharma
.[suppforhelp@india.com].dharma
.[SupportForYou@india.com].dharma
.[tombit@india.com].dharma
.[worm01@india.com].dharma
"