Good news for the victims of ransomware, the security experts at Kaspersky Lab have successfully cracked the CryptXXX ransomware.
The CryptXXX ransomware was first spotted by experts from Proofpoint in April when a number of compromised websites hosting the Angler exploit kit were abused to serve the threat and infect Windows machines.
CryptXXX encrypts local files and any other document present on every connected data storage a short time after the PC has been infected. The threat also steals Bitcoins from the victim’s machines.
The malware authors use the delay in order to make harder for victims the identifications of the malicious website used to compromise their machines.
The files are encrypted with RSA4096 encryption and the CryptXXX ransomware demands the payment of a $500 ransom in bitcoins for decrypting the data back.
Like other ransomware, CryptXXX instructs victims about the payment process, it drops an image on the desktop containing the instructions to download the Tor browser and access an Onion service containing the instructions.
Now experts at Kaspersky cracked the CryptXXX ransomware and released the RannohDecryptor utility, that was initially designed to recover files encrypted by the Rannoh ransomware.
Victims of the CryptXXX ransomware have to use it by providing an original (not encrypted) version of at least one file present on the infected machine.
Below the instructions published by Kaspersky in a blog post:
Then you need to do the following:
(Security Affairs – CryptXXX ransomware , cybercrime)