Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

January 20, 2017
Updated May 22, 2017

Thirtyseven4 Releases Ransomware Decryption Tool for Troldesh (xtbl), CryptXXX (crypt) and other ransomware

Thirtyseven4 Releases Ransomware Decryption Tool

The Thirtyseven4 Threat Research Lab has developed a CrySiS/XTBL decryption tool (known as 374-Ransom-Decryptor). 

The free decryption tool can be downloaded from here:

Thirtyseven4 Releases Ransomware Decryption Tool

Added Support:  As of May 22, 2017, the decryption tool will decrypt files affected by the following ransomware families.

Troldesh Ransomware [.onion]
Troldesh Ransomware [.wallet]


Added Support:
  As of March 7, 2017, the decryption tool will decrypt files affected by the following ransomware families.

Troldesh Ransomware [.dharma]
 
Globe3 Ransomware [.globe & .happydayzz]


Added Support:
  As of February 8, 2017, the decryption tool will decrypt files affected by the following ransomware families.

Globe1 Ransomware [.hnyear]

Globe2 Ransomware [.blt]

Globe3 Ransomware [.decrypt2017]

DeriaLock Ransomware [.deria]

Opentoyou Ransomware [.-opentoyou@india.com]



As of January 20th, 2017, the decryption tool will decrypt files affected by the following ransomware families.

Troldesh Ransomware [.xtbl]

Crysis Ransomware [.CrySiS]

Cryptxxx Ransomware [.crypt]

Ninja Ransomware [@_aol.com$.777]

Apocalypse Ransomware [.encrypted]

Nemucod Ransomware [.crypted]

ODC Ransomware [.odcodc]

LeChiffre Ransomware [.LeChiffre]


Note:
A Crysis/XTBL encryption can be identified by the pattern of encrypted file extension:
File name.<extension>.<id-number>.<email>.xtbl/.CrySiS)


Below are the instructions to use the 374-Ransom-Decryptor:

1. Download the 374-Ransom_Decryptor_v1.0.zip from the link above and extract it to the system having the encrypted files.

2. Right click on the “374-Ransom_Decryptor_v1.0.exe” file and 'Run as Administrator’ to view the Decryption Window.

Thirtyseven4 Releases Ransomware Decryption Tool


3. Press the key 'Y' to start the scan. The tool will automatically scan the entire system for those files affected by the ransomware threats listed above . When an encrypted file is found, the tool will decrypt the file in its respective folder while keeping a copy of the encrypted file at the same time.

Thirtyseven4 Releases Ransomware Decryption Tool


After scanning is complete, the decryption tool will show the final status displaying the number of encrypted files found and how many were successfully decrypted. The detailed information about the decryption status of each file can be obtained from the ‘Decryption.log’ generated in the same folder as the tool.

LIKE THIRTYSEVEN4 on FACEBOOK!

 

Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4