Decrypt files: how to do it correctly?

While it is true that it is important to protect communications, in the digital age in which we find ourselves, it is even more important to know how to decrypt files. In this article we will teach you how to do it correctly.


Decrypt files

Decrypting a file means revealing the content of a message whose data is hidden. For its part, the procedure that modifies the data or the text of a message, to the point of hiding it, is called encryption.

Encrypting a file requires the use of mathematical algorithms, so the content of the file can only be recovered by someone who knows the decryption algorithm. It must also be recognized that almost all the messages that are sent through the internet are encrypted, with the intention of making communication more secure.

In this regard, it is important to clarify that sometimes the encryption algorithm uses the same key for both encryption and decryption, while on other occasions the two keys are different. This results in several ways to decrypt files, including the case where you need to decrypt files encrypted by a virus.

Basically, to break a symmetric-key algorithm, that is, one that uses the same key for both processes (encryption and decryption), what you must do is try key after key until you find the correct one. In the case of asymmetric key algorithms, made up of a public and a private key, what is required is to obtain the secret information shared between the two parties.

In other words, obtaining the key to access information encrypted with an asymmetric key algorithm means deriving the private key from the one that has been published. This requires the use of complex mathematical calculations.

Either way, breaking an encryption algorithm by searching for the key manually is known as a brute force attack.

Finally, it must be said that the time invested in decrypting a file varies depending on the difficulty of factoring the key, that is, on the length of the prime factors used during encryption. In addition, the processing capacity of the computer in use has an influence.

In this way, it is possible that on some occasions we will be able to decrypt a file in a few minutes, and in other cases the process takes several hours and even days or months. In the worst cases it will not be possible to decrypt the files in any way.

How to decrypt files encrypted by viruses?

Currently, there are multiple malicious applications capable of blocking our documents by encrypting their contents. The main characteristic of this type of virus, called ransomware, is that the hacker or cyber criminal requests the payment of an amount of money as a ransom in exchange for the recovery of the hijacked content.

On the other hand, it should be mentioned that this type of computer attack is one of the most dangerous because, to achieve its mission, the virus applies highly complex encryption both to the system files and to the user's files. As the type of encryption used varies for each type of ransomware, there are multiple variants of infections, making the file recovery process difficult.

If you want to know more about what ransomware is, I invite you to read our article on types of computer viruses that can damage your equipment.

For sure, there you will find information that will be useful to protect you from any kind of virus infection. Similarly, to complement, you can read the article on computer security standards.

Precisely because of this difficulty, some people agree to pay the ransom. However, this is not recommended, especially since there is no guarantee that, even after the requested money is paid, the cybercriminals will restore the information. In addition, paying would support and strengthen this type of crime.

Now, having said the above, it is time to present some tools that are used to decrypt files encrypted by a virus.

Decrypt files locked by Locky

Locky is a very important and popular type of virus. It is transmitted through e-mails containing files of the type .doc and .xls, which are executed by the receiver without any kind of precaution.

The first step is to download and install the Emsisoft Decrypter AutoLocky program, an easy-to-use tool exclusively for decrypting documents locked by Locky. That is, with this program it is possible to decrypt any document that has this extension, returning it to its original state.

Thus, the main advantage of this software is that, after the documents are recovered, they can be opened in the corresponding program without any loss of information.

Once the application is downloaded, and having accepted its terms, the next step is to run it. To do this, it is necessary to click on the name of the decrypt_autolocky.exe file.

When the installation begins, we must authorize its execution by clicking on the Yes option.

The program will automatically try to obtain the decryption key. When this is done, a message will appear on the screen notifying us about the finding and suggesting that we start decrypting only a small group of files. This is due to the possibility that the key found is not the correct one.

Later we must read and accept the terms of the license. On the next screen you can start decrypting the locked files. By default, the program starts searching for files on drive C. To add more locations to review, just click on the Add Folder option.

Finally, we choose the Decrypter option to start decrypting the files in the list that appears on the screen.

Decrypt files using antivirus programs

As we have already mentioned, there are various types of ransomware, the expansion of which has become widespread in recent years. Fortunately, antivirus software manufacturers are at the forefront, constantly looking for alternatives with which to combat the impact of these malicious programs.

As an added value, antivirus programs such as Avast and AVG are capable of decrypting files encrypted by various types of ransomware. On this point, it is important to note that both programs are free and do not present limitations for the complete cleaning of the files.

As for Avast, it is capable of decrypting files encrypted by ransomware such as: BadBlock, Crypt888, SZFLocker, Apocalypse, Bart, Alcatraz Locker, CrySiS, Legion, TeslaCrypt, among others.

For its part, AVG has ransomware decryption tools for: BadBlock, Apocalypse, Crypt888, Legion, Bart, SZFLocker and TeslaCrypt.

Decrypt files using TeslaDecoder

TeslaDecoder is a tool that decrypts files encrypted by a virus, specifically files encrypted by TeslaCrypt, whose extensions are: .ecc, .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc and .vvv.

A peculiarity of the TeslaCrypt virus is that the mathematical algorithm it uses to encrypt files is symmetric encryption. In addition, each time the virus restarts, a new symmetric key is generated, which is stored in the last encrypted files. This results in the encryption keys not being the same for all files.

Knowing about this weakness of the virus, the manufacturers chose to use a type of algorithm that encrypts the keys and, at the same time, saves them in each encrypted file. The problem is that the robustness of the algorithm used is based on the length of the primes that function as a base, and this is not long enough.

In other words, due to the length of the stored key, it is possible to use specialized programs to retrieve it, such as TeslaDecoder.

The steps that allow you to use this program to decrypt files are:

The first thing we must do is create a working folder, where we will copy a single encrypted file. If the file extension is .ecc or .ezz, we must additionally copy the key.dat file or, failing that, the Recovery_key.txt or Recovery_file.txt file.

Then we need to download the TeslaDecoder software and install it in the newly created working folder. Once we have the TeslaViewer.exe file available, we click on the Browse option.

Next, we select the encrypted file that we copied in the previous steps and we can immediately see the required encryption keys. In the case of .ecc or .ezz files, instead of selecting the encrypted file, we choose the key.dat file.

Next, we click on the Create work.txt option to create a file of that type, which will store the information just obtained.

The next thing is to factor the decryption key into primes. To do this, you must use the FactorDB search engine, and select the Factorize! option. At this point it may happen that the number is completely factored or that only a part of it is. In both cases, following the instructions on the screen, we can complete the factoring process.


Having the factorization result, it must be copied into the work.txt file.

Now we must enter the working folder and look for the TeslaRefactor.exe file. When we find it, we run it. We copy the factors that are stored in work.txt into the box that appears on the screen, which is intended for the decimal factors.

In that same screen, but in the next row, we must copy the Public keyBC value that is also in the work.txt file.

When we finish completing the information that is requested in each of the fields, we click on the Find private key option. TeslaRefactor will automatically rebuild the key value. By default, it will appear in the field called Private key (hex).

In this part of the process, it is important to check if the value of Product (dec) is equal to the decimal value found in the work.txt file. In other words, we must verify the value of the key.

Before continuing, we must copy the value of Private key (hex) into the work.txt file.

Now it is necessary to go to the working folder to run the TeslaDecoder.exe file as Administrator. After selecting the Run as Administrator option, click on the Set key option.

In the next window, we enter the value of Private key (hex), while we must select the extensions of our files. To complete this part, we click on the Set key option.

The next thing is to do a decryption test. To do this, we look for the sample file that we initially copied into the working folder. The test starts when we click on the Decrypt Folder option, with the file in question selected.

If the file is decrypted successfully, we are ready to decrypt the rest of the encrypted files. For this, it is necessary to select the Decrypt All option.

Finally, if a file is not decrypted, it means that it had another encryption key, so it will be necessary to copy that file into the working folder and repeat the whole process.
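The product check and the key rebuilding from the steps above can be sketched as follows. This is an added example, not TeslaRefactor's code: it assumes the tool tries combinations of the factors until one reproduces the public key, the modular exponentiation is a toy stand-in for the real public-key derivation, and all numbers are constructed.

```python
from itertools import combinations
from math import prod

# Toy stand-in for the real private-to-public derivation (assumption, not TeslaCrypt's).
P = 2**127 - 1   # a Mersenne prime, chosen only to keep the demo small
G = 3

def derive_public(private: int) -> int:
    """Toy public key for a candidate private key."""
    return pow(G, private, P)

def check_product(factors, expected: int) -> bool:
    """The 'Product (dec)' check: the factors must multiply back to the stored number."""
    return prod(factors) == expected

def find_private_key(factors, expected: int, public: int):
    """Try each combination of factors as a private key until one matches the public key."""
    if not check_product(factors, expected):
        raise ValueError("factor list is incomplete or mistyped")
    tried = set()
    for size in range(1, len(factors) + 1):
        for combo in combinations(factors, size):
            candidate = prod(combo)
            if candidate in tried:
                continue  # repeated factors can produce the same product twice
            tried.add(candidate)
            if derive_public(candidate) == public:
                return candidate
    return None  # no combination matches: wrong public key or wrong file

# Constructed sample: the stored number is the private key times an unrelated value.
SAMPLE_PRIVATE = 999983 * 1000003
FACTORS = [2, 3, 7, 10007, 999983, 1000003]   # what the factoring step would return
STORED = prod(FACTORS)                        # the decimal value kept in work.txt
PUBLIC = derive_public(SAMPLE_PRIVATE)

if __name__ == "__main__":
    key = find_private_key(FACTORS, STORED, PUBLIC)
    print("recovered private key (hex):", format(key, "x"))
```

If the product check fails, the factor list is incomplete or was copied wrongly, which is why the value has to be compared before the key is used.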

A particular case: Decrypt a PDF file

On some occasions, it may happen that we receive an encrypted PDF file, of which we have the key to proceed to decrypt it. If this is the case, the process is fairly straightforward.

The first thing we need to do is have a PDF printer driver and a non-Adobe PDF document reader available. Foxit Reader works fine for our purpose.

In the window corresponding to the controller, we load the file in Foxit Reader. The system will ask us to enter the shared password.

After checking that all the window specifications are correctly indicated, we execute the necessary command as if we were going to print the document. That is, we send it to the PDF printer.

The result of this action is a copy of the original document, but without encryption.

Finally, we are going to answer a question that many people may ask themselves.

Is it possible to decrypt files online?

The answer to this question is quite logical if we talk about security issues.

As we have already seen, to decrypt files it is necessary that we expose part of our information in some way. So, if we were to resort to online services, we would be increasing the chances that other people have access to it, being able to use it maliciously, modifying it or even eliminating it permanently.

So there are no applications that allow us to decrypt, via the internet, files encrypted by some type of ransomware. The only possible way to achieve this is by downloading and installing on our computer one of the many tools available in the network of networks, as we have mentioned throughout this article.

The final recommendation is to make sure we follow the instructions of the developers of these types of applications to the letter.

