Herramientas gratuitas para eliminar Ransomware y el cifrado de archivos
r32:
Ransomware Removal Kit (270 MB):
Link: https://bitbucket.org/jadacyrus/ransomwareremovalkit/downloads#tag-downloads
Descarga: https://bitbucket.org/jadacyrus/ransomwareremovalkit/get/1b5b95ca4d69.zip
Contiene:
- kaspersky-coinvault-decryptor
- BitCryptor
- CryptoDefense
- CryptoLocker
- FBIRansomWare
- TeslaCrypt
- PCLock
- TorrentLocker
- TrendMicro Ransomware RemovalTool
Apocalypse:
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_BadBlock64.exe
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_ApocalypseVM.exe
BadBlock:
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_BadBlock32.exe
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_BadBlock64.exe
Crypt888:
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_Crypt888.exe
Legion:
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_Legion.exe
SZFLocker:
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_SzfLocker.exe
TeslaCrypt:
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga: http://files-download.avg.com/util/avgrem/avg_decryptor_TeslaCrypt3.exe
Link: http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Descarga:
Jigsaw:
Link: http://www.welivesecurity.com/la-es/2016/04/15/jigsaw-ransomware-mas-agresivo-nuevas-capacidades/
Descarga: https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip
Hidden Tear Decryptor (Pompous Ransomware):
Link: http://www.bleepingcomputer.com/news/security/pompous-ransomware-dev-gets-defeated-by-backdoor/
Descarga: https://www.dropbox.com/s/tym00s23hgkxfrp/hidden-tear-decrypter.exe?dl=0
Emsisoft Harasom Decrypter:
Link: http://www.malwareremovalguides.info/how-to-use-emsisoft-decrypt_harasom-exe/
Descarga: http://tmp.emsisoft.com/fw/decrypt_harasom.exe
TorLocker: http://support.kaspersky.com/viruses/disinfection/11718
Descarga: http://media.kaspersky.com/utilities/VirusUtilities/EN/ScraperDecryptor.zip
KeRanger (Mac OSX):
Link: http://www.bleepingcomputer.com/news/security/information-about-the-keranger-os-x-ransomware-and-how-to-remove-it-/
Link: http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
Descarga: http://download.bleepingcomputer.com/mac/KeRanger-Removal-Tool.zip
Criptowall:
Link: http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
Descarga: http://www.bleepingcomputer.com/download/listcwall/
Trend Micro™ Anti-Ransomware Tool:
Link: https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx
Descarga: http://solutionfile.trendmicro.com/solutionfile/1105975/AR20_build14.exe
Descarga: http://solutionfile.trendmicro.com/solutionfile/1105975/AR4USB_build11.rar
Panda Ransomware Decrypt:
Web: http://www.pandasecurity.com/spain/homeusers/support/card?id=1675
Descarga: http://www.pandasecurity.com/resources/tools/pandaunransom.exe
Guía: http://www.pandasecurity.com/spain/homeusers/support/card?id=1675
Avira Ransom File Unlocker:
Link: https://www.avira.com/es/support-for-home-knowledgebase-detail/kbid/1253
Descarga: https://www.avira.com/files/support/FAQ_KB_Download_Files/EN/ransom_file_unlocker.zip
Ransomware Detection Service:
Link: https://ransomwaredetectionservice.codeplex.com/
Descarga: https://ransomwaredetectionservice.codeplex.com/downloads/get/1555054
XoristDecryptor:
Link: http://support.kaspersky.com/viruses/utility#
Descarga: http://media.kaspersky.com/utilities/VirusUtilities/EN/xoristdecryptor.exe
RectorDecryptor:
Link: http://support.kaspersky.com/viruses/utility#
Descarga: http://media.kaspersky.com/utilities/VirusUtilities/EN/rectordecryptor.exe
RannohDecryptor:
Link: http://support.kaspersky.com/viruses/utility#
Descarga: http://media.kaspersky.com/utilities/VirusUtilities/EN/rannohdecryptor.exe
Rakhni Decryptor Tool:
Link: https://support.kaspersky.com/sp/viruses/disinfection/10556
Descarga: http://media.kaspersky.com/utilities/VirusUtilities/RU/rakhnidecryptor.exe
RsynCrypto:
Link: http://rsyncrypto.lingnu.com/index.php/Home_Page
Descarga: http://heanet.dl.sourceforge.net/project/rsyncrypto/rsyncrypto/1.12/Rsyncrypto-x86-1.12.msi
Video: https://www.youtube.com/watch?v=3yHD9Ht2-l4
Radamant:
Link: http://www.tripwire.com/state-of-security/latest-security-news/ransomware-author-insults-creator-of-decryption-tool-in-malwares-embedded-strings/
Descarga: http://emsi.at/DecryptRadamant
HydraCrypt:
Link: http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/
Descarga: http://emsi.at/DecryptHydraCrypt
DMALocker:
Link: http://www.bleepingcomputer.com/news/security/dma-locker-ransomware-targets-unmapped-network-shares/
Descarga: http://emsi.at/DecryptDMALocker
TeslaDecrypt:
Link: http://blogs.cisco.com/security/talos/teslacrypt.
Descarga: https://github.com/vrtadmin/TeslaDecrypt/blob/master/Windows/TeslaDecrypter.exe
Descarga: http://labs.snort.org/files/TeslaDecrypt_exe.zip
Descarga: http://download.bleepingcomputer.com/BloodDolly/TeslaDecoder.zip
Ransomware decryptor:
Link: https://noransom.kaspersky.com/
Descarga: https://noransom.kaspersky.com/static/CoinVaultDecryptor.zip
CrypInfinite:
Link: http://www.bleepingcomputer.com/forums/t/596691/decryptormax-or-cryptinfinite-ransomware-crinf-extension-support-topic/
Descarga: http://emsi.at/DecryptCryptInfinite
UnlockZeroLocker :
Link: http://vinsula.com/security-tools/unlock-zerolocker/
Descarga: http://vinsula.com/tools/UnlockZeroLocker.zip
TorrentUnlocker:
Link: http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cracked-and-decrypter-has-been-made/
Descarga: http://download.bleepingcomputer.com/Nathan/TorrentUnlocker.exe
LeChiffre Decryptor Tool:
Link: http://www.bleepingcomputer.com/news/security/emsisoft-releases-decrypter-for-the-lechiffre-ransomware/
Descarga: http://emsi.at/DecryptLeChiffre
DecryptGomasom Tool
Link: http://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/
Descarga: http://emsi.at/DecryptGomasom
Locker Unlocker
Link: http://www.bleepingcomputer.com/virus-removal/locker-ransomware-information
Descarga: https://easysyncbackup.com/Downloads/LockerUnlocker.exe
Programas para la prevención de infecciones por algunos de estos Ransomware:
CryptoPrevent:
Link: https://www.foolishit.com/cryptoprevent-malware-prevention/?ModPagespeed=noscript
Descarga: https://www.foolishit.com/?enc_dl_action=process&file=t8jI9%2BLO3SYWwFknM0g%3D
Malwarebytes anti-ransomware:
Link: https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware/
Descarga: https://malwarebytes.app.box.com/s/uluqe6ms2l36bsxkudurlr7yr8lp6d8g
Hitman Pro:
Link: http://www.surfright.nl/en/hitmanpro
Descarga (32 bits): http://files.surfright.nl/hitmanpro.exe
Descarga (64 bits): http://files.surfright.nl/hitmanpro_x64.exe
Antiransom:
Link: http://www.security-projects.com/?Anti_Ransom
Link: http://www.securitybydefault.com/2014/06/anti-ransom-v2-beta.html
Descarga: http://dl.bintray.com/yjesus/AntiRansom/AntiRansom2.0.zip
Beta: https://bintray.com/artifact/download/yjesus/AntiRansom/AntiRansom.zip
BDAntiRansomware:
Link: https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/
Descarga: http://download.bitdefender.com/am/cw/BDAntiRansomwareSetup.exe
A petición del usurio DhM incluyo este tutorial en pdf donde se explica como afecta al sistema infectado incluyendo herramientas de soporte para descifrar archivos:
https://www.ccn-cert.cni.es/pdf/informes-de-ciberseguridad-ccn-cert/informes-ccn-cert-publicos/1384-ccn-cert-ia-01-16-medidas-de-seguridad-contra-ransomware/file.html
En construcción - Actualizado: 06.07.2016
gabriel1995:
muchas gracias por el material
Poseedor de un lg g3
loquito_pincha:
Buenas, lamentablemente fui alcanzado por uno de estos lockers. En mi caso al parecer es una nueva variante, de 1 o 2 meses, q deja mas de 100 extensiones, todas encriptadas y extensión .locky. El archivo de "ayuda" para pagar es help.txt y comenta que todos archivos fueron cifrados con RSA-2048 y AES-128 ciphers.
Hasta el momento, creo entender q la.variante fue identificada con win32/filecoder.locky.a.
Probare si algún desencriptador aqu posteadoí funciona.
Agradezco cualquier info que puedan aportar.
Gracias
arget:
loquito_pincha, no creo que puedas lograrlo. Si está cifrado con RSA-2048 tendrás que pagar. No sé si tienes idea de cómo es la criptografía de clave pública. En este caso el virus probablemente se haya conectado al servidor del atacante pidiendo una clave pública, en el servidor se generaron el par de claves, pública y privada, y le entregó a tu virus la pública. El virus cifró los archivos con la pública y te pidió el dinero. Solo puede descifrarse con la clave privada.
r32:
Hola como dice arget te va a ser complicado si la variante es nueva, a no ser que se comprometa el servidor C&C y se puedan extraer las claves privadas como ha pasado con otras variantes o por problemas con el cifrado.
Botnet Dridex y el ransomware Locky:
http://blog.segu-info.com.ar/2016/03/la-botnet-dridex-ahora-propaga-el.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+exclusivasseguridadinformatica+%28Exclusivas+de+Segu-Info%29
Análisis de la infección:
http://oberheimdmx.blogspot.com.es/2016/03/campana-de-ransomware-locky-mi-amigo.html
http://oberheimdmx.blogspot.com.es/2016/03/campana-de-ransomware-locky-parte-ii.html
Muestra por si alguien quiere destriparlo:
https://www.dropbox.com/s/6jk38tqjxh2qmb1/Locky-2-03-16.zip?dl=0
Pass= infected
Saludos.
Navegación
[#] Página Siguiente