Free tools to search decrypters for encrypted files

The Bitdefender company, addressing the problems that affect many people around the world, has created a new tool called Bitdefender Ransomware Recognition Tool (BRRT). Thanks to it, users who have been victims of a ransomware attack will be able to identify a family of malware based on samples of encrypted files, and then receive a solution that will help in decrypting the data.

Ransomware reconnaissance instruction

1. Download the BRRT tool.

2. Run the downloaded program - allow administrator rights and accept the EULA license.

3. The tool has two fields to fill:

  • the location of the ransom note file (usually an HTML or TXT file located in every folder with encrypted files)
  • the location of any folder with encrypted files

Indicate the location of the required files.

5. Press "Scan". If only one location is indicated, the tool will display a warning about an inaccurate recognition result.


Without the ransom information file, the identification of the ransomware is significantly hampered.

The content of the "ransom-note" window is sent for automatic analysis to the Bitdefender cloud. If the search was successful, the user will receive a list of potential threats with a percentage matching probability.


Unfortunately, the BRRT tool indicates decryptors developed only by Bitdefender, which negatively affects finding a decrypting tool.

If the Bitdefender Ransomware Recognition Tool matches the encrypted files to an existing decryptor, it will indicate a link to download it.


In the event that the decryptor is not found, all is not lost.

There is no decryptor. What's next?

Did Bitdefender Ransomware Recognition Tool not find the decryptor? Not all is lost yet. Here's what you can do:

1. First of all, visit this page (choose Polish language), which, like the BRRT tool, helps in identifying a particular ransomware, but it contains a much larger database of these viruses (432 ransomware variants). As in the above instructions, please provide a ransom demand file and a sample of the encrypted file.


Files can be decrypted? You can now search for the decryptor.

In the above screenshot, the ransomware was identified, which encrypted the user's files. You can easily decrypt them by finding a decryptor for the TeslaCrypt ransomware.

Where to search for decryptors?

Fortunately, all the best decryptors are in only two places:

  • The No-More-Ransom project page contains decryptors for all major encryption viruses. Most of them were developed by Kaspersky Lab and Emsisoft.
  • Dozens of descriptors were developed by Emsisoft. All are available on this site .

It still did not work. What remains?

Do you already know (or still do not know) which ransomware option has encrypted your files, but the decryptor is not available? The last resort is the service from AVLab. We will try to decrypt your files for which there are no official decrypters. Contact us . The file decryption service is payable. The price of decrypting files depends on the complexity of the task and starts from 1000 PLN.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.