Free Ransomware Decryption Tools

Unlock your files without paying the ransom

Please follow the steps below exactly as directed to properly recover your files and minimize the damage from the ransomware attack. Do NOT delete any files until instructed to do so. Here is why.

1 Identify the ransomware

2 Check for available decryption tools

3 Get your files back for free

Upload ransom note

The text file that includes the ransom and payment information.

Upload encrypted file

An encrypted file less than 8 MB in size.

Ransom contact information

Enter the email address or hyperlink the ransomware gave you as contact information.

Service provided by ID Ransomware.

Note: Submitting contact details is the least reliable identification method should only be used in conjunction with at least one of the other options. Uploading the ransom note AND an encrypted file is typically the most reliable method of identification.

We can cut your downtime from weeks down to a few hours

We offer technical advisory and custom decryption services for businesses, insurers and incident responders. Team Emsisoft is here to help you restore your business operations within the shortest possible time. Having helped thousands of ransomware victims over the past 10+ years, our team of specialists accumulated a vast amount of knowledge and skills to provide working solutions faster than anyone else.

Our straightforward recovery process

  1. We analyze your infection within hours and advise whether no-cost recovery is possible using existing decryption tools and techniques.
  2. If our reverse engineers find errors in the encryption code, we try to crack it and build a decrypter that doesn’t require paying the ransom.
  3. If the encryption can’t be cracked at all, we try to find suitable technical workarounds that can be used to significantly reduce the paid ransom.

If you already paid the ransom but the decryptor doesn't work

Sometimes the provided decryptor is horribly slow or faulty, but we can extract the decryption code and create a custom built solution for your ransomware strain that decrypts up to 50% faster with less risk of data damage or loss.

Get in touch with the Emsisoft Anti-Ransomware Team

Our services are provided on an hourly basis with a minimum contingent of 10 hours, which is usually enough to get ransomware victims back to regular business operations. The typical time from first inquiry to a working solution is around 6 hours only, but brand new ransomware strains may take significantly longer to analyze.

Note: We do not negotiate ransoms or facilitate the payment of demands. Should you need these services, please contact an incident response company. We can work with that company to help minimize your costs and ensure the recovery process is both streamlined and safe.

Email us at [email protected]

Get Emsisoft Anti-Malware to prevent ransomware attacks in the future.

Learn More

Frequent Questions

Which ransomware strains can be identified?
The ID service is kindly provided by ID Ransomware and currently detects 809 different ransomwares. Here is a complete, dynamic list of what is currently detected: 010001, 0kilobypt, 24H Ransomware, 4rw5w, 5ss5c, 777, 7ev3n, 7h9r, 7zipper, 8lock8, AAC, ABCLocker, ACCDFISA v2.0, AdamLocker, AES_KEY_GEN_ASSIST, AES-Matrix, AES-NI, AES256-06, Afrodita, Ako / MedusaReborn, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Allcry, Alma Locker, Alpha, AMBA, Amnesia, Amnesia2, Anatova, AnDROid, AngryDuck, Annabelle 2.1, AnteFrigus, Anubi, Anubis, AnubisCrypt, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ApolloLocker, AresCrypt, Argus, Armage, ArmaLocky, Arsium, ASN1 Encoder, Ataware, Atchbo, Aurora, AutoLocky, AutoWannaCryV2, AVCrypt, Avest, AWT, AxCrypter, aZaZeL, B2DR, BadBlock, BadEncript, BadRabbit, Bam!, BananaCrypt, BandarChor, Bart, Bart v2.0, Basilisque Locker, BigBobRoss, Bisquilla, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, Bitpaymer / DoppelPaymer, BitPyLock, Bitshifter, BitStak, BKRansomware, Black Feather, Black Shades, BlackHeart, Blackout, BlackRuby, Blind, Blind 2, Blocatto, BlockFile12, Blooper, Blue Blackmail, BoooamCrypt, Booyah, BrainCrypt, Brazilian Ransomware, BrickR, BTCamant, BTCWare, BTCWare Aleta, BTCWare Gryphon, BTCWare Master, BTCWare PayDay, Bubble, Bucbi, Bud, BugWare, BuyUnlockCode, c0hen Locker, Cancer, Cassetto, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, Chekyshka, ChernoLocker, Chimera, ChinaYunLong, ChineseRarypt, CHIP, ClicoCrypter, Clop, Clouded, CmdRansomware, CockBlocker, Coin Locker, CoinVault, Comrade Circle, Conficker, CorruptCrypt, Cossy, Coverton, Cr1ptT0r Ransomware, CradleCore, CreamPie, Creeper, Cripton, Cripton7zp, Cry128, Cry36, Cry9, Cryakl, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt0r, Crypt12, Crypt38, CryptConsole, CryptConsole3, CryptFuck, CryptGh0st, CryptInfinite, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoGod, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3, CryptoLockerEU, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, Crypton, CryptON, CryptoPokemon, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, Crystal, CSP Ransomware, CTB-Faker, CTB-Locker, CXK-NMSL, D00mEd, Dablio, Damage, DarkoderCryptor, DataKeeper, DavesSmith, Dcrtr, DCry, DCry 2.0, Deadly, DeathNote, DeathRansom, DecryptIomega, DEDCryptor, Defender, Defray, Defray777, DeriaLock, Desync, Dharma (.cezar Family), Dharma (.dharma Family), Dharma (.onion Family), Dharma (.wallet Family), Digisom, DilmaLocker, DirtyDecrypt, Dishwasher, District, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, DoggeWiper, Domino, Done, DoNotChange, Donut, DoubleLocker, DriedSister, DryCry, Dviide, DXXD, DynA-Crypt, eBayWall, eCh0raix / QNAPCrypt, ECLR Ransomware, EdgeLocker, EduCrypt, EggLocker, El Polocker, Enc1, EnCrypt, EncryptedBatch, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, EOEO, Erebus, Eris, Estemani, Eternal, Everbe, Everbe 2.0, Everbe 3.0, Evil, Executioner, ExecutionerPlus, Exocrypt XTC, Exotic, Extortion Scam, Extractor, Fabiansomware, Fadesoft, Fantom, FartPlz, FCPRansomware, FCrypt, FenixLocker, FenixLocker 2.0, Fenrir, FilesLocker, FindZip, FireCrypt, Flatcher3, FLKR, Flyper, FreeMe, FrozrLock, FRSRansomware, FS0ciety, FTCode, FuckSociety, FunFact, FuxSocy Encryptor, Galacti-Crypter, GandCrab, GandCrab v4.0 / v5.0, GandCrab2, GarrantyDecrypt, GC47, Gerber, GermanWiper, GetCrypt, GhostCrypt, GhostHammer, Gibon, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, Godra, GOG, Golden Axe, GoldenEye, Gomasom, Good, GoRansom, Gorgon, Gotcha, GPAA, GPCode, GPGQwerty, GusCrypter, GX40, HadesLocker, Hakbit, Halloware, HappyDayzz, hc6, hc7, HDDCryptor, HDMR, Heimdall, HellsRansomware, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hermes 2.1, Hermes837, Heropoint, Hi Buddy!, HiddenTear, HildaCrypt, HKCrypt, HollyCrypt, HolyCrypt, HPE iLO Ransomware, Hucky, HydraCrypt, IEncrypt, IFN643, Ims00ry, ImSorry, Incanto, InducVirus, InfiniteTear, InfinityLock, InfoDot, InsaneCrypt, iRansom, Iron, Ishtar, Israbye, JabaCrypter, Jack.Pot, Jaff, Jager, JapanLocker, JeepersCrypt, Jemd, Jigsaw, JNEC.a, JobCrypter, JoeGo Ransomware, JosepCrypt, JSWorm, JSWorm 2.0, JSWorm 4.0, JuicyLemon, JungleSec, Kaenlupuf, Kali, Karma, Karmen, Karo, Kasiski, Katyusha, KawaiiLocker, KCW, Kee Ransomware, KeRanger, Kerkoporta, KeyBTC, KEYHolder, KillerLocker, KillRabbit, KimcilWare, Kirk, Kolobo, Kostya, Kozy.Jozy, Kraken, Kraken Cryptor, KratosCrypt, Krider, Kriptovor, KryptoLocker, L33TAF Locker, Ladon, Lalabitch, LambdaLocker, LeChiffre, LightningCrypt, Lilocked, Lime, Litra, LittleFinger, LLTP, LMAOxUS, Lock2017, Lock93, LockBit, LockBox, LockCrypt, LockCrypt 2.0, Locked-In, LockedByte, LockeR, LockerGoga, LockLock, LockMe, Lockout, Locky, LongTermMemoryLoss, LonleyCrypt, LooCipher, Lortok, Lost_Files, LoveServer, LowLevel04, Lucky, MadBit, MAFIA, MafiaWare, Magic, Magniber, Mailto Ransomware, Major, Maktub Locker, MalwareTech's CTF, Maoloa, Marduk, Marlboro, MarsJoke, Matrix, MauriGo, MaxiCrypt, Maykolin, Maysomware, Maze Ransomware, MCrypt2018, MedusaLocker, MegaCortex, MegaLocker, Mespinoza, Meteoritan, Mikoyan, MindSystem, Minotaur, MirCop, MireWare, Mischa, MMM, MNS CryptoLocker, Mobef, MongoLock, Montserrat, MoonCrypter, MorrisBatchCrypt, MOTD, MoWare, MRCR1, MrDec, Muhstik, Mystic, n1n1n1, NanoLocker, NCrypt, NegozI, Nemty, Nemty 2.x, Nemucod, Nemucod-7z, Nemucod-AES, NETCrypton, Netix, NewHT, NextCry, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, Noblis, NonRansomware, NotAHero, Nozelesn, NSB Ransomware, Nuke, NullByte, NxRansomware, Nyton, ODCODC, OhNo!, OmniSphere, OnyxLocker, OoPS, OopsLocker, OpenToYou, OpJerusalem, Ordinypt, Ouroboros v6, OzozaLocker, PadCrypt, Paradise, Paradise .NET, Paradise B29, PayPalGenerator2019, PaySafeGen, PClock, PClock (Updated), PEC 2017, Pendor, Petna, PewCrypt, PGPSnippet, Philadelphia, Phobos, PhoneNumber, Pickles, Plague17, Planetary Ransomware, PoisonFang, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, Pr0tector, Predator, PrincessLocker, PrincessLocker 2.0, PrincessLocker Evolution, Project34, Project57, Protected Ransomware, PshCrypt, PUBG Ransomware, PureLocker, PyCL, PyCL, PyL33T, PyLocky, qkG, QP Ransomware, QuakeWay, Quimera Crypter, QwertyCrypt, Qweuirtksd, R980, RAA-SEP, RabbitFox, RackCrypt, Radamant, Radamant v2.1, Radiation, Random6, RandomLocker, Ranion, RanRan, RanRans, Rans0mLocked, RansomCuck, Ransomnix, RansomPlus, Ransomwared, RansomWarrior, Rapid, Rapid 2.0 / 3.0, RaRansomware, RarVault, Razy, RedBoot, RedEye, RedRum, REKTLocker, Rektware, Relock, RemindMe, RenLocker, RensenWare, RetMyData, REvil / Sodinokibi, Reyptson, RobbinHood, Roga, Rokku, Rontok, RoshaLock, RotorCrypt, Roza, RSA-NI, RSA2048Pro, RSAUtil, Ruby, Russenger, Russian EDA2, Ryuk, SAD, SadComputer, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, SatanCryptor, Saturn, SaveTheQueen, Scarab, ScareCrow, SD 1.1, Seon, Sepsis, SerbRansom, Serpent, ShellLocker, Shifr, Shigo, ShinigamiLocker, ShinoLocker, ShivaGood, ShkolotaCrypt, Shrug, Shrug2, Shujin, Shutdown57, Sifreli, Sigma, Sigrun, SilentSpring, Simple_Encoder, SintaLocker, Skull Ransomware, SkyFile, SkyStars, Smrss32, Snake (Ekans), SnakeLocker, Snatch, SNSLocker, SoFucked, Solo Ransomware, Somik1, Spartacus, SpartCrypt, Spectre, Spider, Spora, Sport, SQ_, Stampado, Stinger, STOP (Djvu), STOP / KEYPASS, StorageCrypter, Storm, Striked, Stroman, Stupid Ransomware, Styx, SunCrypt, SuperB, SuperCrypt, Surprise, SynAck, SyncCrypt, Syrk, SYSDOWN, SystemCrypter, SZFLocker, T1Happy, Team XRat, Telecrypt, TellYouThePass, Termite, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TeslaWare, TFlower, Thanatos, The DMR, TheDarkEncryptor, THT Ransomware, tk, Torchwood, TotalWipeOut, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, Tron, TrueCrypter, TrumpLocker, TurkStatik, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unit09, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, Unlock92 Zipper, Useless Disk, UselessFiles, UserFilesLocker, USR0, Uyari, V8Locker, Vapor v1, VaultCrypt, vCrypt, Vega / Jamper / Buran, Velso, Vendetta, VenisRansomware, VenusLocker, ViACrypt, VindowsLocker, VisionCrypt, VMola, Vortex, Vurten, VxLock, Waffle, WannaCash, WannaCry, WannaCry.NET, WannaCryFake, WannaCryOnClick, WannaDie, WannaPeace, WannaSmile, WannaSpam, Wesker, WhatAFuck, WhiteRose, WildFire Locker, WininiCrypt, Winnix Cryptor, WinRarer, WonderCrypter, Wooly, Wulfric, X Locker 5.0, XCry, XCrypt, XData, XiaoBa, XiaoBa 2.0, Xorist, Xort, XRTN, XTP Locker 5.0, XYZWare, Yatron, YouAreFucked, YourRansom, Yyto, ZariqaCrypt, zCrypt, Zekwacrypt, Zenis, Zeoticus, Zeppelin, ZeroCrypt, ZeroFucks, Zeropadypt, Zeropadypt NextGen / Ouroboros, ZeroRansom, Zilla, ZimbraCryptor, ZinoCrypt, ZipLocker, Zipper, Zoldon, ZQ, Zyklon
Which ransomware strains can be decrypted by free Emsisoft decryptor tools?
Our team of ransomware experts has built a series of specialized decryptors for various strains of ransomware. Please check our Full List of Emsisoft Decryptors.
Can you help me remove the ransomware?
Of course! Please post your malware problem in our Support Forum and one of our malware removal experts will guide you through all necessary steps to clean your device as efficiently as possible.
Is my data confidential?
Any files uploaded to ID Ransomware (IDR) are immediately analyzed against the database of signatures. If results are found, they are immediately deleted. If no results are found, the uploaded files may be shared with IDR’s trusted malware analysts to help with future detections, or identifying a new ransomware.

Data is uploaded to the server over SSL, meaning the connection can not be intercepted by a third-party.

However, IDR cannot guarantee files are kept 100% confidential. The data is temporarily stored on a shared host, and we are not responsible for anything done otherwise with this data.

Any email addresses or BitCoin addresses found in files uploaded to IDR may be stored and shared with trusted third parties or law enforcement. No personally identifiable data is stored.
When is it safe to to delete my encrypted files?
Only delete your files when prompted by the decryptor. If a decryptor is not yet available, we recommend you archive your files in case a decryptor becomes available in the future.