A decryptor for the Everbe Ransomware was released by Michael Gillespie and Maxime Meignan that allows victims to get their files back for free.  It is not known how this ransomware is currently being distributed, but as long as victims have an unencrypted version of an encrypted file, they can use them to brute force the decryption key.

When victims are infected, their files will be encrypted and will  have the .[[email protected]].everbe, .embrace, or .pain extensions appended to the encrypted file’s name.

Files Encrypted by the Everbe Ransomware

In each folder that a file is encrypted, the ransomware will also create a ransom note named !=How_recovery_files=!.txt that instructs the victim to email [email protected] for payment information. 

Everbe Ransom Note
Everbe Ransom Note

For those who have been infected by the Everbe Ransomware and have files that are encrypted, you can use the guide below to decrypt your files for free. If you need help decrypting your files, feel free to ask in the Everbe Ransomware Help Topic.

How to Decrypt the Everbe Ransomware

Victims of the Everbe ransomware can be identified by having their files encrypted and renamed to have a .everbe, .pain, or .embrace extensions. To decrypt files encrypted by the Everbe ransomware, you need to first download the InsaneCrypt Decryptor below, which also supports Everbe.

Once downloaded, simply double-click on the executable to start the decryptor and you will be greeted with the main screen.

Decryptor Screen
Decryptor Screen

In order to brute force the decryption key, we need an encrypted files and its original unencrypted version. Once we…