Mirrors/darkwebinformer-vect-ransomware-decryptor
1
0
Fork 0
mirror of https://github.com/DarkWebInformer/vect-ransomware-decryptor.git synced 2026-06-08 19:27:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Dark Web Informer
2026-05-02 03:33:38 +02:00
committed by GitHub
parent 984d3b3318
commit 71366168d2
4 changed files with 436 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.txt
+67
View File
@@ -0,0 +1,67 @@
This tool decrypts files encrypted by VECT ransomware at no cost.
REQUIREMENTS (to run recovery)
- Encryptor binary (the malware executable, same strain that locked the files)
- At least one encrypted sample file (.vect1)
- Usually a Windows PC where the infected files live (paths below use Windows-style names)
REQUIREMENTS (to compile from source)
- Go toolchain (see go.mod for the minimum version)
- Network once, so Go can fetch dependencies when you build
BUILD
1. Copy or clone this decryptor folder onto your machine.
2. Open a terminal in that folder (on Windows: Command Prompt or PowerShell, cd into the folder).
3. Fetch modules and compile:
go build -o vect1_decryptor.exe .
On Linux or macOS the binary name omits ".exe"; use any name you like.
4. You should now have vect1_decryptor.exe (or vect1_decryptor) in that folder.
To produce a Windows .exe from another OS when Go cross-build is configured:
GOOS=windows GOARCH=amd64 go build -o vect1_decryptor.exe .
USAGE
The tool is a command-line program. Put the ransomware EXE somewhere you can reference, collect your .vect1 files under one directory, then run ONE of these patterns from a terminal opened in any directory (adjust paths accordingly).
Easiest mode: recover key from your binary plus one sample under -target and decrypt everything .vect1 under that folder:
vect1_decryptor.exe auto -binary C:\Recovery\encryptor.exe -target D:\EncryptedFiles [-backup] [-hexdump]
"-backup" saves a ".vect1.bak" copy before overwriting.
"-hexdump" prints a short byte preview for troubleshooting.
Step-by-step (same folder shortcut)
1. Copy vect1_decryptor.exe and the ransomware exe into one folder.
2. Put your encrypted (.vect1) files in that folder, or anywhere under one parent folder; that parent is what you give as "-target".
3. Open Command Prompt or PowerShell, change to wherever you stored the tools, run auto with paths you actually use:
cd C:\Recovery
vect1_decryptor.exe auto -binary name_of_encryptor.exe -target .
4. The program reads the ransomware binary for the key using an encrypted sample it finds under -target, then decrypts all .vect1 files there and strips the ".vect1" extension from their names.
Other commands
Extract key only (prints hex):
vect1_decryptor.exe extract-key -binary encryptor.exe -sample file.docx.vect1 [-out key.txt]
Decrypt later if you already have the hex key (64 hex characters = 32 bytes):
vect1_decryptor.exe decrypt -target D:\EncryptedFiles -key <hex64> [-backup] [-hexdump]
Need help?
vect1_decryptor.exe
with no arguments prints the brief built-in syntax.
-- SHHQ Ransomware Response & Recovery Unit (RRU)