This tool attempts to decrypt files with the default password of the VCRYPTOR ransomware.

Technology description

This tool attempts to decrypt files with the default password of the VCRYPTOR ransomware.

If the computer is infected by the most common VCrypt variant, the password shown and used
should work.

Functionalities

Steps to be taken to implement the POC:
1. Download VCrypt (dumb) DecryptorSetup.exe
2. When finished, run VCrypt (dumb) Decryptor.exe on the infected computer.
The program will be placed in:
c:\Users\<YOURUSERNAME>\AppData\Local\VCrypt (dumb) Decryptor\
3. If the computer is infected by the most common VCrypt variant, the password shown and used
should work.
4. Click the “Decrypt” button.
5. Wait for the program to unlock all your files. They should be back in its original
place. If not, look for them in your “user” folder.
6. The program will not remove the .vcrypt files or the ransomware itself. If
everything goes ok, please remove .vcrypt files in your computer once recovered.

Note: If the malware is still running, the process will not fully work.
VCrypt Decryptor
Innovation Technologies

DirtyTooth for Raspberry Pi

This tool represents a software implementation of the DirtyTooth Speaker in the form of a .deb package for Raspberry Pi.

Recover Popcorn

This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016.

Wannacry File Restorer

Wannacry File Restorer allows recovering files left in the middle of the Wannacry malware encryption process on a computer. Thanks to this PoC, these files can be recovered.