360 Ransomware Decryption Tool released. Stay safe from Petya and WannaCry!

Jul 12, 2017360TS

Petya ransomware, along with its variant GoldenEye, has struck governments, companies and individuals worldwide. This ransomware outbreak is so disastrous that even those who have patched their Windows systems may still get attacked, causing huge financial losses.

To fight against cybercriminals, 360 has created Ransomware Decryption Tool to save computers hijacked by ransomware. This tool can bring back files from more than 80 ransomware. Petya, GoldenEye and their notorious precedent WannaCry are all on the decryption support list.

360 Ransomware Decryption Tool released! Stay safe from Petya and WannaCry!

To unlock a Petya-infected PC, please take the steps below.

【Decryption instructions for the Petya’s GoldenEye variant

1. Download 360 Ransomware Decryption Tool

2. Open 360 Ransomware Decryption Tool and click the yellow banner on the top to start the decryption process.

1. Open 360 Ransomware Decryption Tool and click the yellow banner on the top to start the decryption process.

3. Enter your personal decryption code in the ransom note (See the red box highlighted in the screenshot below). 360 Ransomware Decryption Tool will start calculating the decryption key.

2. Enter your personal decryption code in the ransom note to get your decryption key.

4. Get your decryption key.

3. Get your decryption key.

5. Enter the decryption key on the ransom note to unlock your PC.

4. Get your decryption key.

6. Important Note: If you entered the key incorrectly, you would see the message below. In this situation, do not continue to enter the key. Reboot your PC and enter the key again.

5. If you entered the key incorrectly, do not continue to enter the key. Reboot your PC and enter the key again.

7. Now your operating system is unlocked.

6. Now your operating system is unlocked.

【Decryption instructions for the Red Skeleton Version】

Follow the same steps mentioned previously. (The decryption code is longer than the one  in the GoldenEye ransom note.)

7. The decryption code is longer than the one in the GoldenEye ransom note

After entering your decryption key, you will see the message below. This means your system has been unlocked.

8. System unlock
If you are using Windows 7 or a later version, Petya encrypts not only your system but also files in the infected PC. The hijacked files are appended with an 8-character extension name. The ransomware also creates a file “YOUR_FILES_ARE_ENCRYPTED.TXT” in the desktop folder.

9. 8-character extension name
To save your files, use 360 Ransomware Decryption Tool to scan the folder where your files are encrypted.

10. Scan the folder where your files are encrypted.

Wait until 360 Ransomware Decryption Tool brings your files back. (Do  not turn off the tool before the process completes, or files may be corrupted).

11. Wait until 360 Ransomware Decryption Tool brings your files back. Don't turn off the tool before decryption completes.

Ransomware is not an one time attack. Check our Anti-Ransomware Arsenal, including 360 Document Protector and NSA Cyber Weapons Defense Tool, prepared to protect you against ransomware. Your safety is 360’s biggest concern of all time.

Learn more about 360 Anti-Ransomware Arsenal:

360 NSA Cyber Weapons Defense Tool – Protect yourself from WannaCry Ransomware and following attacks

– 360 Document Protector – The Ransomware Terminator