Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.
Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.
Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.
It is estimated that ransomware attacks cost more than $1 billion per year.
The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands' police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections -- and how to prevent themselves becoming infected in the future.
Unfortunately, not every type of ransomware has been cracked by research teams. Time and vulnerabilities which can be exploited by cybersecurity experts are required, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data.
However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.
See also: 'Massive' Locky ransomware campaign targets hospitals
The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC using this step-by-step guide. Alternatively, the Malware Hunter Team runs the ID Ransomware online service which can also be used to identify infections.
Below, in alphabetical order, you can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection.
- Al-Namrood: Removal tool. Emsisoft.
- Apocalypse: Removal tool. Emsisoft.
- ApocalypseVM: Removal tool. Emsisoft.
- Autolocky: Removal tool. Emsisoft.
- BadBlock: Removal tool. Trend Micro. Alternative: BadBlock: Removal tool. Emsisoft.
- Bart: Removal tool | AVG | Original file copy required
- Bitcryptor: Removal tool. Kaspersky
- Cerber v.1: Removal tool. Trend Micro.
- Chimera: Removal tool. Trend Micro.
- CoinVault: Removal tool. Kaspersky
- CrypBoss: Removal tool. Emsisoft.
- CryptoDefense: Removal tool. Emsisoft.
- CryptInfinite: Removal tool. Emsisoft.
- CryptXXX v.1 & 2: Removal tool (.zip). Kaspersky. (*Files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted)
- CryptXXX v1, 2, 3, 4, 5: Removal tool. Trend Micro.
- DMALocker: Removal tool. Emsisoft.
- DMALocker2: Removal tool. Emsisoft.
- Fabiansomware: Removal tool. Emsisoft.
- FenixLocker: Removal tool. Emsisoft.
- Gomasom: Removal tool. Emsisoft.
- Globe: Removal tool. Emsisoft.
- Harasom: Removal tool. Emsisoft.
- HydraCrypt: Removal tool. Emsisoft.
- Jigsaw: Removal tool. Trend Micro.
- KeyBTC: Removal tool. Emsisoft.
- Lechiffree: Removal tool. Trend Micro.
- Marsjoke | Polyglot: Removal tool (.zip) | Kaspersky. See also: One more bites the dust: Kaspersky releases decryption tool for Polyglot ransomware
- Nemucod: Removal tool. Trend Micro.
- Nemucod: Removal tool. Emsisoft.
- MirCop: Removal tool. Trend Micro.
- Operation Global III: Removal tool.
- TeslaCrypt: Removal tool. Cisco.
- PClock: Removal tool. Emsisoft.
- Petya: Removal tool. Key generator.
- Philadelphia: Removal tool. Emsisoft.
- PowerWare: Removal tool.
- Rakhni & similar: Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Lortok, Cryptokluchen, Democry: Removal tool (.exe). Kaspersky
- Rannoh: Removal tool (.zip). Kaspersky
- Shade v1 & 2: Removal tool. Kaspersky
- SNSLocker: Removal tool. Trend Micro.
- Stampado: Removal tool. Trend Micro. Alternative: Removal tool. Emisoft.
- TeslaCrypt v1, 2, 3, 4: Removal tool. Trend Micro.
- UmbreCrypt: Removal tool. Emsisoft.
- Vandev: Removal tool. Kaspersky
- Wildfire: Removal tool (.zip). Kaspersky
- Xorist: Removal tool. Kaspersky
- Xorist: Removal tool. Emsisoft. (Alternative: Removal tool. Trend Micro.)
- 777: Removal tool. Trend Micro.