零基础黑客教程，黑客圈新闻，安全面试经验

尽在 # 掌控安全EDU #

每当出现新的0day漏洞

市面上就会掀起一阵勒索病毒风

今天小师妹带大家一起

对勒索病毒Say “No!”

怎么判断病毒所属呢？

1、通过勒索信息文件、加密后文件后缀等勒索特征判断勒索病毒家族。

2、选择对应家族（如有版本也应选择对应版本）的解密工具；

3、解密前需对重要的数据进行备份（即使处于被加密状态），以防止解密失败造成损失；

4、解密前需确保系统中的勒索病毒已被清除，否则可能遭到重复加密；

5、部分解密工具可能需要特定的解密环境（如在原始受感染的主机上进行解密、需要同时提供加密文件和原文件等），具体请参考工具中的说明。

6、解密工具可能只对某些家族的特定版本生效。

下面~小师妹给大家推荐几款

自动识别病毒样本 的站点

#勒索信息综合性查询网站

深信服EDR查询

https://edr.sangfor.com.cn/#/information/ransom_search

启明星辰勒索病毒搜索引擎

https://lesuo.venuseye.com.cn/

botfrei.de网站

https://www.botfrei.de/de/ransomware/galerie.html

2综合性解密工具

卡巴斯基：勒索软件解密工具集

https://noransom.kaspersky.com/

Avast：勒索软件解密工具集

https://www.avast.com/zh-cn/ransomware-decryption-tools

Trendmicro：勒索软件解密方案

https://esupport.trendmicro.com/solution/zh-cn/1115118.aspx

MalwareHunterTeam:勒索软件解密工具集

https://id-ransomware.malwarehunterteam.com/

nomoreransom：勒索软件解密工具集

https://www.nomoreransom.org/zh/index.html

Emsisoft：勒索软件解密工具集

https://www.emsisoft.com/ransomware-decryption-tools/free-download

3

勒索病毒解密工具

[Apocalypse勒索软件解密工具]

https://www.pcrisk.com/removal-guides/10111-apocalypse-ransomware

[Alcatrazlocker勒索软件解密工具]

https://files.avast.com/files/decryptor/avast_decryptor_alcatrazlocker.exe

[Alma勒索软件解密工具]

https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter

[Alpha勒索软件解密工具]

https://dl.360safe.com/Decryptor_AlphaDecrypter.cab

[AL-Namrood勒索软件解密工具]

https://www.pcrisk.com/removal-guides/10535-al-namrood-ransomware

[Apocalypse 勒索病毒解密工具]

http://blog.emsisoft.com/2016/06/29/apocalypse-ransomware-which-targets-companies-through-insecure-rdp/

[Autolocky勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/decrypted-the-new-autolocky-ransomware-fails-to-impersonate-locky/

[Bart勒索病毒解密工具]

http://phishme.com/rockloader-downloading-new-ransomware-bart/

[BitDtak勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip

[BarRax勒索软件解密工具]

https://blog.checkpoint.com/wp-content/uploads/2017/03/BarRaxDecryptor.zip

[CryptON 勒索病毒解密工具]

http://blog.emsisoft.com/2017/03/07/emsisoft-releases-free-decrypter-for-crypton-ransomware/

[CoinVault勒索软件解密工具]

https://www.bleepingcomputer.com/virus-removal/coinvault-ransomware-information

[CryptXXX勒索病毒解密工具]

http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information

[Crypt0勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/Crypt0Decrypter.zip

https://www.pcrisk.com/removal-guides/10478-crypt0-ransomware

[Crypt38Keygen勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.zip

[Crypren勒索软件解密工具]

https://github.com/pekeinfo/DecryptCrypren

http://www.nyxbone.com/malware/Crypren.html

[CryptComsole勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/CryptConsoleDecrypter.zip

[Crytomix勒索软件解密工具]

https://files.avast.com/files/decryptor/avast_decryptor_cryptomix.exe

[CryptoHostKeygen勒索软件解密工具]

https://github.com/Demonslay335/CryptoHostKeygen

[Cry9勒索软件解密工具]

https://www.pcrisk.com/removal-guides/11199-cry9-ransomware

http://blog.emsisoft.com/2017/04/04/remove-cry9-ransomware-with-emsisofts-free-decrypter/

[CoinVault勒索软件解密工具]

https://www.nomoreransom.org/uploads/CoinVaultDecryptor.zip

[Cryptinfinite勒索软件解密工具]

https://www.pcrisk.com/removal-guides/9568-cryptinfinite-ransomware

[CrazyCrypt勒索密钥生成工具]

https://edr.sangfor.com.cn/file/tool/CrazyCrypt_Password.rar

[DXXD勒索病毒解密工具]

http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/

[DoNotOpen勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip

[Decrypt Protect[mbl advisory]勒索病毒解密工具]

http://www.malwareremovalguides.info/decrypt-files-with-decrypt_mblblock-exe-decrypt-protect/

[Enigma勒索软件解密工具]

https://www.im-infected.com/ransomware/remove-enigma-ransomware-virus-removal.html

[EduCrypt勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/the-educrypt-ransomware-tries-to-teach-you-a-lesson/

[GhostCrypt勒索病毒解密工具]

http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/

[GhostCrypt勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/GhostCryptDecrypter.zip

[Gomasom勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/

[GandCrab勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/

[Hidden tear勒索软件解密工具]

https://files.avast.com/files/decryptor/avast_decryptor_hiddentear.exe

https://download.bleepingcomputer.com/demonslay335/hidden-tear-decrypter.zip

[HydraCrypt/UmbreCrypt勒索病毒解密工具]

http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/

[HydraCrypt勒索软件解密工具]

https://tmp.emsisoft.com/fw/decrypt_hydracrypt.exe

[Hidden Tear勒索软件解密工具]

https://www.cyber.nj.gov/threat-profiles/ransomware-variants/hidden-tear

[InsaneCrypt勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/InsaneCryptDecrypter.zip

[Ims00rry勒索软件解密工具]

https://securityaffairs.co/wordpress/88376/malware/ims00rry-ransomware-decryptor.html

https://www.emsisoft.com/decrypter/ims00rry

[Jigsaw勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/jigsaw-ransomware-becomes-cryptohitman-with-porno-extension/

[JuicyLemon勒索软件解密工具]

https://dl.360safe.com/Decryptor_JuicyLemonDecoder.cab

[JigSaw勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip

[Lockcrypt勒索软件解密工具]

https://labs.bitdefender.com/wp-content/uploads/downloads/lockcrypt-ransomware-decryptor/

[Legion勒索病毒解密工具]

http://botcrawl.com/legion-ransomware/

[LockedIn勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/LockedInDecrypter.zip

[MirCop勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/MirCopDecrypter.zip

[Mblblock勒索软件解密工具]

https://tmp.emsisoft.com/fw/decrypt_mblblock.exe

[Marlboro勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/

[Nullbyte勒索软件解密工具]

https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/

[NullByte勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/NullByteDecrypter.zip

[Nanolocker勒索软件解密工具]

https://github.com/Cyberclues/nanolocker-decryptor

[NMoreira勒索软件解密工具]

https://www.pcrisk.com/removal-guides/10689-nmoreira-ransomware

[NanoLocker勒索病毒解密工具]

http://blog.malwareclipboard.com/2016/01/nanolocker-ransomware-analysis.html

[OpenToYou 勒索病毒解密工具]

http://blog.emsisoft.com/2016/12/30/emsisoft-releases-free-decrypter-for-opentoyou-ransomware/

[Odcodc勒索病毒解密工具]

http://www.nyxbone.com/malware/odcodc.html

[ODCODCDecoder勒索软件解密工具]

https://dl.360safe.com/Decryptor_ODCODCDecoder.cab

[Pclock勒索软件解密工具]

https://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/

[PopCorn勒索软件解密工具]

https://www.elevenpaths.com/downloads/RecoverPopCorn.zip

[Ransom.Cryakl勒索病毒解密工具]

http://blog.checkpoint.com/2015/11/04/offline-ransomware-encrypts-your-data-without-cc-communication/

[Shade勒索软件解密工具]

https://blog.kaspersky.com/shade-decryptor/12661/

[SanSam勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip

[Unlock92勒索软件解密工具]

https://download.bleepingcomputer.com/demonslay335/Unlock92Decrypter.zip

[Unlocker勒索软件解密工具]

https://github.com/kyrus/crypto-un-locker

[Wildfire勒索软件解密工具]

https://downloadcenter.mcafee.com/products/mcafee-avert/wildfiredecrypt/wildfiredecrypt.exe

4、注意事项

本文提供的解密器（链接）均由互联网搜集而来

只做信息汇总，但不保证解密工具的可行性和安全性

如果真的不小心中招了，记得做好 数据备份

以防止不必要的损失~！

最后给大家科普一些防御病毒的常见手段吧~

5、 防范方法

1：关闭服务进程（杜绝445端口）

2：注册表关闭勒索病毒服务

3：开启防火墙，防微杜渐过滤危险端口

4：组策略安全设置、ip安全策略