Good news for the victims of ransomware, the security experts at Kaspersky Lab have successfully cracked the CryptXXX ransomware.
The CryptXXX ransomware was first spotted by experts from Proofpoint in April when a number of compromised websites hosting the Angler exploit kit were abused to serve the threat and infect Windows machines.
CryptXXX encrypts local files and any other document present on every connected data storage a short time after the PC has been infected. The threat also steals Bitcoins from the victim’s machines.
The malware authors use the delay in order to make harder for victims the identifications of the malicious website used to compromise their machines.
The files are encrypted with RSA4096 encryption and the CryptXXX ransomware demands the payment of a $500 ransom in bitcoins for decrypting the data back.
Like other ransomware, CryptXXX instructs victims about the payment process, it drops an image on the desktop containing the instructions to download the Tor browser and access an Onion service containing the instructions.
Now experts at Kaspersky cracked the CryptXXX ransomware and released the RannohDecryptor utility, that was initially designed to recover files encrypted by the Rannoh ransomware.
Victims of the CryptXXX ransomware have to use it by providing an original (not encrypted) version of at least one file present on the infected machine.
Below the instructions published by Kaspersky in a blog post:
Then you need to do the following:
(Security Affairs – CryptXXX ransomware , cybercrime)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.