
Bitdefender Ransomware Recognition Tool

Bogdan BOTEZATU

September 26, 2017


A tool to help ransomware victims find which family and sub-version of ransomware has encrypted their data and then get the appropriate decryption tool, if it exists.

Ransomware has grabbed the headlines ever since 2014. While most ransomware attacks can’t be defeated, Bitdefender constantly creates and updates ransomware decryption tools for families that have either vulnerable encryption algorithms or for which a master decryption key has been leaked.

This tool analyzes both the ransom note and the encrypted file samples to identify the strain of ransomware and suggest a decryption tool for the identified family, if such a tool is available.

Step 1

Download the BRR tool and save it somewhere on your computer. The latest version is always available here:

Download the Bitdefender Ransomware Recognition Tool

This tool requires an active internet connection.

Step 2

Run BDRansomRecognitionTool.exe and allow it to execute if prompted by a UAC alert.

Step 3

Read and agree to the End User License Agreement.

Step 4

The application has two fields to fill in:

Choose the path to the ransom note file or the path to a folder containing encrypted files. You can fill in either field, but the tool needs at least one of them to detect which strain of ransomware has encrypted your information. If neither field is filled in, you cannot proceed any further.

Step 5

Press Scan. The application gives a warning if the ransom-note path is not filled in, as the detection accuracy is slightly lower in this case.

The content of the ransom note is submitted for analysis to the Bitdefender cloud. If the user provides any encrypted file, NO file content will be submitted to our cloud, as the tool only analyzes the filename and its extension.

If the ransomware family cannot be identified, the user is informed about this. In some cases, multiple families of ransomware display similar features. In this case, the Bitdefender Ransomware Recognition tool displays the possible ransomware families next to an indicator of confidence. Usually the first result is the most relevant, and it is displayed with the highest confidence percentage.

If the ransomware has an associated decryption tool, a link is provided in the Decryptor column.

Good news for system administrators!

If you need to run this tool on multiple computers, please use it via command line by passing it the following parameters:

-note:RANSOM_NOTE_LOCATION;

-test:ENCRYPTED_FILES_LOCATION;

Test cases:

BDRansomRecognitionTool.exe -note:C:\temp\decrypt_my_files.html; -test:C:\encrypted;

BDRansomRecognitionTool.exe -note:C:\temp\decrypt_my_files.html;

BDRansomRecognitionTool.exe -test:C:\encrypted;

At least one of the parameters above must be passed to the tool, and each parameter must end in “;”. Also, any path provided must be absolute.
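
For administrators scripting the tool across several machines, the following PowerShell wrapper enforces the rules above before launching it. It is an added example, not Bitdefender's own code: only the -note: and -test: parameters come from this article, while the function name, its parameter names, the tool location and the rejection of paths containing ";" are assumptions.

```powershell
# Added example. Only -note:, -test: and their rules come from the article;
# the function, its parameter names and the tool location are assumptions.
function Get-BrrArgument {
    param(
        [string]$NotePath,       # ransom note file, optional
        [string]$EncryptedPath   # folder of encrypted samples, optional
    )
    $result = @()
    $pairs = @(
        @{ Flag = '-note:'; Path = $NotePath },
        @{ Flag = '-test:'; Path = $EncryptedPath }
    )
    foreach ($p in $pairs) {
        if ([string]::IsNullOrWhiteSpace($p.Path)) { continue }
        # Paths must be absolute: drive letter (C:\...) or UNC (\\server\share).
        if ($p.Path -notmatch '^(?:[A-Za-z]:\\|\\\\)') {
            throw "$($p.Flag) path is not absolute: $($p.Path)"
        }
        # ';' terminates each parameter, so a path containing one is rejected
        # (assumption: the article does not describe any escaping).
        if ($p.Path.Contains(';')) {
            throw "$($p.Flag) path contains ';': $($p.Path)"
        }
        if (-not (Test-Path -LiteralPath $p.Path)) {
            throw "$($p.Flag) path not found: $($p.Path)"
        }
        # Each parameter is the flag, the path and the closing ';'.
        $result += "$($p.Flag)$($p.Path);"
    }
    # At least one of the two parameters has to be passed.
    if ($result.Count -eq 0) {
        throw 'Provide a ransom note path, an encrypted-files path, or both.'
    }
    return $result
}

# Assumed location of the downloaded tool; adjust per host.
$tool = 'C:\Tools\BDRansomRecognitionTool.exe'
# Sample paths taken from the test cases above.
$brrArgs = @(Get-BrrArgument -NotePath 'C:\temp\decrypt_my_files.html' -EncryptedPath 'C:\encrypted')
Write-Output "Running: $tool $($brrArgs -join ' ')"
& $tool $brrArgs
```

The article does not say how the tool handles paths that contain spaces, so test such paths on one machine before a wider rollout.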
