Emsisoft has released a Paradise Ransomware decryptor that allows victims to decrypt their files free of charge.
The Paradise Ransomware has encrypted victims for over two years and users could not get their files back if they did not recover or pay for the ransom.
Original Paradise Ransomware variant
Today, Emsisoft has released a decryption tool for the Paradise Ransomware that enables the victims to decrypt their files until the year 2017 without paying a ransom.
Below are the checked extensions that can be decrypted:
.2ksys19
.p3rf0rm4
.prt
.exploit
.immortal
.Recognizer
.sambo
.paradise (e.g. _V.0.0.1{help@badfail.info}.paradise)
.FC (e.g. _Support_{}.FC)
.sev (e.g. _Kim Chin Im_{}.sev)The Ransomware Paradise Decrypter
Victims need an encrypted or unencrypted pair of files greater than 3 KB in order to use a decryptor. It is easier to find unencrypted versions of files that you have downloaded from the Internet or copied elsewhere.
Once you have a encrypted and unencrypted pair of files, install and run Emsisoft’s Paradise Ransomware decryptor. You will then be asked to pick the versions of the file that are encrypted or unencrypted as shown below.
Select unencrypted and encrypted files
When the files are selected, click on the Start button, and the decrypter attempts to brute the decryption key. When a key is found, the decryptor shows an alert and loads the key.
Brute forced key
Press OK and you can add the drives that you want to decrypt to a screen. The drive C: is added to the decryptor. After the drives have been selected, click on the Decrypt button in order to start the decryption process.
Decrypting Files