While viruses corrupted systems, Ransomware did even worse. These rogue programs can encrypt your files, leaving you with zero access. If you do not have backups, then the only way out of this is to pay money to the authors of the Ransomware or see if a Ransomware Decryption Tool has been released for it. McAfee has developed, McAfee Ransomware Recover (Mr2), a framework which can help in decrypting files which have been decrypted by Ransomware.
McAfee Ransomware Recover (Mr2)
Mr2 is a tool and a platform which not only unlock user files, applications, databases, and other encrypted files but is also available for the security community. It is available for free to everyone. They can use the platform with the decryption keys and decryption logic they have to unlock files. McAfee promises to keep the platform updated as they find new keys and decryption logic.
How to use McAfee Ransomware Recover (Mr2)
Its a command line tool, and comes with a set of options you will have to apply to decrypt the files. Best part, they are simple, and anyone can use it with basic knowledge of using a computer. Here are the useful options:
- -list – Shows list of all decryption tools available on the cloud, and those available on your computer with **.
- -get– Download decryption tool for given name and version.
- -run – Run the decryption tool.
Now that you have this installed, first identify the name of the Ransomware on your computer. Also, note the version number.
Then go to Programs list in the Start menu, and locate the McAfee Ransomware tool. You can also find it under recently installed programs if you installed it recently.
When you click on it, it launches the command prompt.
In this post, I am assuming “stampado” is the name of the Ransomware, with version 1.0.0
When Ransomware locks your files, you get a lock-screen as below.
It will tell you about the data which are decrypted, and how much time you have before they are gone forever, and how to connect with them. If you pay, they send out a code to unlock all your files. That’s what the McAfee Ransomware decryptor tool does for you.
If you notice the image carefully, it has two crucial information. First is the email-id where it asks you to connect. Second is the “Get the code?” box. The McAfee tool will generate the code using the email id. It might be different for other Ransomware.
Next, follow these steps to decrypt the files:
Execute the command MfeDecrypt -list (This will display the list of Ransomware solution available on the cloud).
To download the recovery tool, run MfeDecrypt -get stampado -ver 1.0.0. It will also download any dependencies.
To start decrypting the files run MfeDecrypt -run stampado -ver 1.0.0 -args “-e [email protected]”. Its the same email ID which we noted from the screen.
Once the operation is successful, copy the key, and paste into the box.
Click on Get my files box, and it will automatically unlock all your folders.
The Ransomware decryption tool doesn’t remove it from your computer. It only opens files with keys and logic.
So after this, you need to make sure that you remove the Ransomware using your security software.
Download McAfee Ransomware Recover (Mr2)
It is available for both 32-bit and 64-bit system, and you can download it from here. Make sure your computer has network connectivity, and update your antivirus with the latest update before using this tool.
Let us know if the McAfee Ransomware Recover (Mr2) helped you to recover files on your computer.
TIP: Microsoft has offered Ransomware Protection for your files and folders through OneDrive. Not only this feature backs up all your data, but it can also detect if your files are affected at the run time. If you are on Windows, we also recommend you use OneDrive for Ransomware protection.