Master Keys for Crysis ransomware released on a forum

Pierluigi Paganini May 25, 2017

Researchers at ESET security firm have discovered that someone has released 200 master keys for the latest variants of the prominent Crysis ransomware.

While security experts continue to investigate the WannaCry attack, someone has released 200 master keys for the latest variants of the prominent Crysis ransomware. The file encrypted by this version have the .wallet and .onion extension added to their original name.

Antivirus firm ESET has used the leaked information to develop the ESET Crysis decrypting tool that is available for download on the company “utilities page.”

The master keys were posted by a new member of a forum at BleepingComputer.com that aim to help victims of this threat.

crysis ransomware

This is the third time that someone published the master key for the Crysis ransomware.

“This has become a habit of the Crysis operators lately – with this being the third time keys were released in this manner. Since the last set of decryption keys was published, Crysis ransomware attacks have been detected by our systems over ten thousand times.” reads the blog post published by ESET.

Decryption tools allow victims of the ransomware-based campaigns to restore their files without paying the ransom to the criminal organizations.

Recently the Quarkslab researcher, Adrien Guinet, has published a software, called Wanadecrypt, he used to recover the decryption key required to restore the files on an infected XP computer. The expert successfully tested the Wanadecrypt software on a small number of infected XP computers, but it is not clear if the technique works on every PC.

The technique devised by Adrien Guinet allows retrieving the secret encryption keys used by the WannaCry ransomware for free, it works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

Security researcher Benjamin Delpy developed another tool called WanaKiwi that not only retrieve the prime numbers from the memory but automate the whole decryption process of the WannaCry-infected files.

WanaKiwi works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 as explained by Matt Suiche from security firm Comae Technologies.

Despite the efforts of law enforcement and security firms in the fights against ransomware, this category of malware remains one of the most dangerous computer threats. Prevention is essential in keeping users safe.

“Prevention is essential in keeping users safe. Therefore, we recommend that all users keep their operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).” concluded ESET.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Crysis ransomware, hacking)

[adrotate banner=”13″]



you might also like

leave a comment