Free Ransomware Decryption Tools

Filename changes:

Apocalypse adds .encrypted, .FuckYourData, .locked, .Encryptedfile, or .SecureCrypted to the end of filenames. (e.g., Thesis.doc = Thesis.doc.locked)

Ransom message:

Opening a file with the extension .How_To_Decrypt.txt, .README.Txt, .Contact_Here_To_Recover_Your_Files.txt, .How_to_Recover_Data.txt, or .Where_my_files.txt (e.g., Thesis.doc.How_To_Decrypt.txt) will display a variant of this message:

Filename changes:

BadBlock does not rename your files.

Ransom message:

After encrypting your files, BadBlock displays one of these messages (from a file named Help Decrypt.html):

Filename changes:

Bart adds .bart.zip to the end of filenames. (e.g., Thesis.doc = Thesis.docx.bart.zip) These are encrypted ZIP archives containing the original files.

Ransom message:

After encrypting your files, Bart changes your desktop wallpaper to an image like the one below. The text on this image can also be used to help identify Bart, and is stored on the desktop in files named recover.bmp and recover.txt.

Filename changes:

Crypt888 adds Lock. to the beginning of filenames. (e.g., Thesis.doc = Lock.Thesis.doc)

Ransom message:

After encrypting your files, Crypt888 changes your desktop wallpaper to one of the following:

Filename changes:

Legion adds a variant of ._23-06-2016-20-27-23_$f_tactics@aol.com$.legion or .$centurion_legion@aol.com$.cbf to the end of filenames. (e.g., Thesis.doc = Thesis.doc._23-06-2016-20-27-23_$f_tactics@aol.com$.legion)

Ransom message:

After encrypting your files, Legion changes your desktop wallpaper and displays a popup, like this:

Filename changes:

SZFLocker adds .szf to the end of filenames. (e.g., Thesis.doc = Thesis.doc.szf)

Ransom message:

When you try to open an encrypted file, SZFLocker displays the following message (in Polish):

Filename changes:

The latest version of TeslaCrypt does not rename your files.

Ransom message:

After encrypting your files, TeslaCrypt displays a variant of the following message: