Rakhni Decryptor

Ransomware · Decryptors · aes_ni ransom

· Activeaes_ni ransom · by Kaspersky Lab

Provider

Kaspersky Lab

Status

active

Released

—

Group

aes_ni ransom

Reference Links

Download decryptor

Kaspersky Lab · media.kaspersky.com

open ↗

Provider page — Kaspersky Lab

Kaspersky Lab · kaspersky.com

open ↗

How-to guide

Kaspersky Lab · nomoreransom.org

open ↗

Description

RakhniDecryptor is a tool provided by Kaspersky to decrypt files encrypted by Trojan-Ransom.Win32.Rakhni.

RakhniDecryptor is a tool provided by Kaspersky to decrypt files encrypted by Trojan-Ransom.Win32.Rakhni. Before using the tool, the ransomware must be completely removed from the system. Otherwise, files may be re-encrypted during or after the decryption process. The ransomware creates a file named exit.hhr.oshit, which contains encrypted password data required for faster decryption. If this file is still present on the system, decryption will be quicker. If it was deleted, it can be recovered using file recovery tools and placed back into the %APPDATA% directory. Supported Encrypted File Extensions • .locked • .kraken • .darkness Decryption Process (High Level) 1. Download and run RakhniDecryptor.exe on the infected system. 2. Configure scan parameters (hard drives, removable drives, network drives). 3. Start the scan and select one encrypted file when prompted. 4. The tool attempts to recover the encryption password and decrypt files. Important Notes • Password recovery may take a long time (up to several days). • The system should not be shut down and the tool should not be closed during decryption. • Successful decryption is not guaranteed for all files and depends on file integrity and available data.

Affected File Extensions

.locked.kraken.darkness

Other decryptors for aes_ni ransom (1)

AES_NI Decryptor

by Avast