Hit by ransomware? Victims of these four types of file-encrypting malware can now retrieve their files for free

Cybersecurity researchers crack the codes of FortuneCrypt, Yatron, WannaCryFake and Avest ransomware, allowing victims to get their files back without paying cyber criminals.
Written by Danny Palmer, Senior Writer

People who have fallen victim to FortuneCrypt, Yatron, WannaCryFake or Avest ransomware should now be able to retrieve their encrypted files without giving in to the extortion demands of cyber attackers.

Three of the decryption tools have been released for free as part of No More Ransom, a joint initiative by tech security companies and law enforcement that is designed to help businesses and consumers in the fight against cybercrime.

Now more free decryption tools have been added to the No More Ransom arsenal, as Kaspersky Lab has provided tools for decrypting Yatron and FortuneCrypt, while Emsisoft has released a free decryptor for WannaCryFake.

The authors of Yatron based it on Hidden Tear, a well-known form of open-source ransomware, and it encrypts victims' files with the extension .Yatron. However, researchers at Kaspersky identified mistakes in the cryptography of Yatron, allowing them to create the decryptor.

Researchers describe FortuneCrypt as a "unique" form of ransomware compiled in the Blitz BASIC programming language – and the first form of file-encrypting malware to be coded in this way.

Despite the relatively simple programming language, FortuneCrypt has been deployed in thousands of attacks that threaten to delete files forever if payment isn't received in 24 hours.

However, researchers found that the cryptography of FortuneCrypt is weak, allowing them to build a decryption tool.

In addition to this, researchers at Emsisoft have released a free decryption tool for WannaCryFake – a phoney version of WannaCry, the ransomware that came to prominence in the global cyberattack of 2017.

Victims of WannaCryFake find their files encrypted with the extension .WannaCry and are faced with a ransom note demanding a Bitcoin payment in exchange for returning the files. Now those who become infected by WannaCryFake can download the free decryption tool from Emsisoft to get their files back without paying.

Researchers at Emsisoft have also released a free decryption tool for Avest ransomware. Download links to other decryption tools are also available from the No More Ransom decryption portal.

No More Ransom now offers free decryption tools for over a hundred families of ransomware and, since launching three years ago, the initiative has stopped over $100m from being paid to cyber criminals.
