Return to Answer

• If the decryption tool for LeChiffre doesn't work, you can recover all but the first and last 8KB of each file's data using a hex editor. Jump to address 0x2000 and copy out all but the last 0x2000 bytes. Small files will be completely wrecked, but with some fiddling you might be able to get something helpful out of larger ones.
• If you've been hit with WannaCrypt and you're running Windows XP, haven't rebooted since the infection, and are lucky, you might be able to extract the private key with Wannakey.
• (others will be added as they are discovered)

• If the decryption tool for LeChiffre doesn't work, you can recover all but the first and last 8KB of each file's data using a hex editor. Jump to address 0x2000 and copy out all but the last 0x2000 bytes. Small files will be completely wrecked, but with some fiddling you might be able to get something helpful out of larger ones.
• If you've been hit with WannaCrypt and you're running Windows XP, haven't rebooted since the infection, and are lucky, you might be able to extract the private key with Wannakey.
• Bitdefender has a number of free tools to help identify the variant and to decrypt some specific variants.
• (others will be added as they are discovered)

• If the decryption tool for LeChiffre doesn't work, you can recover all but the first and last 8KB of each file's data using a hex editor. Jump to address 0x2000 and copy out all but the last 0x2000 bytes. Small files will be completely wrecked, but with some fiddling you might be able to get something helpful out of larger ones.
• (others will be added as they are discovered)

• If the decryption tool for LeChiffre doesn't work, you can recover all but the first and last 8KB of each file's data using a hex editor. Jump to address 0x2000 and copy out all but the last 0x2000 bytes. Small files will be completely wrecked, but with some fiddling you might be able to get something helpful out of larger ones.
• If you've been hit with WannaCrypt and you're running Windows XP, haven't rebooted since the infection, and are lucky, you might be able to extract the private key with Wannakey.
• (others will be added as they are discovered)

Ransomware generally uses asymmetric-key cryptography, which involves two keys: the public key and the private key. When you get hit by ransomware, the malicious program running on your computer connects to the bad guys' server (the command-and-control, or C&C), which generates both keys. It only sends the public key to the malware on your computer, since that's all it needs to encrypt the files. Unfortunately, the files can only be decrypted with the private key, which never even comes into your computer's memory if the ransomware is well-written. The bad guys will only give you the private key (thereby letting you decrypt your files) if you pay up.

Ransomware generally uses asymmetric-key cryptography, which involves two keys: the public key and the private key. When you get hit by ransomware, the malicious program running on your computer connects to the bad guys' server (the command-and-control, or C&C), which generates both keys. It only sends the public key to the malware on your computer, since that's all it needs to encrypt the files. Unfortunately, the files can only be decrypted with the private key, which never even comes into your computer's memory if the ransomware is well-written. The bad guys usually state that they will give you the private key (thereby letting you decrypt your files) if you pay up, but of course you have to trust them to do so.