Mira Decryptor

Decrypt files that were encrypted by Mira ransomware.

F-Secure Decryptor for Mira Ransomware

About the Tool

F-Secure Decryptor for Mira Ransomware helps you decrypt files that were encrypted by the ransomware known as Mira.

It is important to run the tool on the specific computer where the files were originally encrypted. This is because the recovery key for each files are calculated from the computer where the files got encrypted.

This tool requires Administrator rights in order to execute properly. 

NOTE: This is an F-Secure Labs support tool. It is provided "as is" without warranty or product support.

Download Mira Decryptor


  1. Extract the package "F-SecureDecryptorForMiraRansomware.zip" to any folder. Password is "novirus"
  2. On the same folder location where the tool was extracted, open up a command line and run it with "Administrator" privilege.  Here's an example how:
    a. Press "Window" button + "R" together to open up a Run dialogue
    b. Enter this command <runas /user:Administrator "%comspec% /K \"cd %~dp0 \" ">
    c. Change "/user:Administrator" to the actual administrator account of the machine as necessary
    d. Enter the password of the Administrator user
  3. Run the tool "F-SecureDecryptorForMiraRansomware.exe"
  4. The tool prints USAGE and exit if arguments are not provided:
    a. /decrypt - Search for encrypted files and decrypt them
    b. /nolog   - This flag suppresses log file creation
    c. /nobackup - This flag suppresses backup creation
    d. /accepteult -  This flag suppresses the display of the license
  5. The tool will automatically search for all encrypted files in the system and will decrypt the encrypted files.
A video on how the tool works in action is available at https://www.youtube.com/watch?v=WhTKSTQCGqM.