Business

AVG offers free ransomware decryptor tools for businesses

July 11, 2016

AVG just released six new ransomware decryption tools for our channel partners and their clients.  The free tools decrypt the recent ransomware strains Apocalypse, BadBlock, Crypt888, Legion, SZFlocker and TeslaCrypt.

AVG just released six new ransomware decryption tools for our channel partners and their clients.  The free tools decrypt the recent ransomware strains Apocalypse, BadBlock, Crypt888, Legion, SZFlocker and TeslaCrypt.

While our AVG Business products help detect and block against all known ransomware strains –  including this recent six – our AVG partners now have helpful tools if a new client, or even a prospect, has a situation where files are already infected by ransomware.

With our new decryption tools, you should be able to recover your clients’ files and data without paying the ransom.

Using the AVG ransomware decryption tools

To use our AVG decryptor tools for the six recent ransomware strains, follow our simple five step process to unlock the encrypted files:

  • Run a full system scan on the infected PC and quarantine all the infected files.
  • Identify which infection strain encrypted the files. See the descriptions of each strain below. If the ransomware infection matches the strain details, download the appropriate tool and launch it.
  • The tool opens a wizard, which breaks the decryption process into several easy steps.
  • Follow the steps and you should again be able to reclaim your files in most cases.
  • After decryption, be sure to properly back up restored files.

The six ransomware strains and AVG decryptor tools include:

  • Apocalypse
    • Description: The Apocalypse ransomware appends “.encrypted,” “.locked,” or “.SecureCrypted” to names of encrypted files (e.g. example.docx.encrypted, docx.locked, example.docx.SecureCrypted). It also creates ransom messages in files with extensions “.How_To_Decrypt.txt”, “.README.Txt,” or “.Contact_Here_To_Recover_Your_Files.txt” (e.g. example.docx.How_To_Decrypt.txt, example.docx.README.Txt)
    • In those messages, you can find contact addresses such as decryptionservice@mail.ru, dr.compress@bk.ru, decryptdata@inbox.ru, or recoveryhelp@bk.ru.
    • For example:
    • Download the AVG decryptor tool: AVG offers one decryptor tool for the early versions of Apocalypse and one for the current version:
    • http://files-download.avg.com/util/avgrem/avg_decryptor_Apocalypse.exe
    • http://files-download.avg.com/util/avgrem/avg_decryptor_ApocalypseVM.exe
  • Crypt888
    • Description: Crypt888 (aka Mircop) creates encrypted files with the prepended name “Lock.” It also changes your desktop’s wallpaper to a message on a black background that begins with, “You’ve stolen 48.48BTC from the wrong people, please be so kind to return them and we will return your files.”
    • Unfortunately, Crypt888 is a badly written piece of code, which means some of the encrypted files or folders will stay that way, even if you pay the fine, as the cybercriminals’ “official decryptor” may not work.
    • Download the AVG decryptor tool:
    • http://files-download.avg.com/util/avgrem/avg_decryptor_Crypt888.exe
  • Legion

 

At AVG, we take ransomware threats very seriously. We encourage our partners to continue being proactive by using multilayered protection, such as AVG Business solutions, which detect and block ransomware. You can find additional examples of the six ransomware strains and detailed descriptions here.

Ryan Vallee
July 11, 2016


prefooter-platform.pngprefooter-text.png