As part of the NoMoreRansom.org initiative, the National High Tech Crime Unit of the Dutch Police was able to seize the Command & Control server for the WildFire Locker ransomware. This allowed them to recover approximately 5,800 decryption keys that were then used by McAfee and Kaspersky to create free decryptors for WildFire victims.

WildFire Locker Ransom Note

The WildFire Ransomware is an infection that primarily targeted Dutch victims and was distributed in SPAM emails pretending to be shipping information. When a victim opened the attachment, they were instead infected with the WildFire Locker Ransomware.

If you were infected with the WildFire Locker, you can download either Kaspersky's WildFire Decryptor or McAfee's WildFire Decryptor to see if you were lucky enough to have your key recovered. If you are one of the lucky ones, the decryptors should be able to decrypt your encrypted files.

WildFire Locker Decryptor Working

Unfortunately, there have also been reports from victims where the decryptor is not working for them. For these people, their key was not retrieved when the Command & Control servers were seized.

Hopefully, in the future the Dutch Police will be able apprehend the malware developers and retrieve the keys for all of the victims.