This tool attempts to decrypt files with the default password of the VCRYPTOR ransomware.

If the computer is infected by the most common VCrypt variant, the password shown and used
should work.

Steps to be taken to implement the POC:
1. Download VCrypt (dumb) DecryptorSetup.exe
2. When finished, run VCrypt (dumb) Decryptor.exe on the infected computer.
The program will be placed in:
c:\Users\<YOURUSERNAME>\AppData\Local\VCrypt (dumb) Decryptor\
3. If the computer is infected by the most common VCrypt variant, the password shown and used
should work.
4. Click the “Decrypt” button.
5. Wait for the program to unlock all your files. They should be back in its original
place. If not, look for them in your “user” folder.
6. The program will not remove the .vcrypt files or the ransomware itself. If
everything goes ok, please remove .vcrypt files in your computer once recovered.

Note: If the malware is still running, the process will not fully work.

You may also be interested in

  • Security Status Report 2022 H1

    Security Status Report 2022 H1

  • Marvinpac

    Marvinpac: advanced managed Cyber Security services

  • cloud-professional-services-migration

    Cloud Professional Services: Migration