Victory. Again: Kaspersky Lab Finds a Way to Unlock Files Encrypted with CryptXXX Ransomware
After releasing decryption tools for two variants of
CryptXXX ransomware in April and May 2016, Kaspersky Lab is releasing a new
decryptor for files that have been locked with the latest version of the
malware. This malicious program was capable of infecting thousands of PCs
around the world since April 2016, and it was impossible to fully decrypt the
files affected by it. But not anymore.
The free RannohDecryptor tool by Kaspersky Lab can decrypt
most files with .crypt, .cryp1 and .crypz extensions.
CryptXXX is one of the most actively distributed and
dangerous families of ransomware: for a long time criminals used the Angler and
Neutrino exploit kits to infect victims with this malware. These two kits were
considered among the most effective in terms of successfully infecting
targets.
Since April 2016, Kaspersky Lab products have registered
attacks by CryptXXX against at least 80,000 users around the world. More than
half of them located in only six countries: the US, Russia, Germany, Japan,
India and Canada.
But these are only users that were protected by Kaspersky
Lab’s detection technologies. Unfortunately the total number of attacked users
is much higher. The actual figure is not known, but Kaspersky Lab experts
estimate that there may be several hundred thousand infected users.
“Our regular advice to the victims of different ransomware
families is the following: even if there is currently no decryption tool
available for the version of malware that encrypted your files, please don’t
pay the ransom to criminals. Save the corrupt files and be patient – the
probability of a decryption tool emerging in the near future is high. We
consider the case of CryptXXX v.3 as proof of this advice. Multiple security
specialists around the world are continuously working hard to be able to help
victims of ransomware. Sooner or later the solution to the vast majority of
ransomware will be found,” said Anton Ivanov, security expert at Kaspersky Lab.
The decryption tool can be downloaded from Kaspersky Lab’s
website and from Nomoreransom.org – the website of the not-for-profit
initiative launched this year by the National High Tech Crime Unit of the
Netherlands’ police, Europol’s European Cybercrime Centre and two cyber
security companies, Kaspersky Lab and Intel Security, with the goal of helping
victims of ransomware to retrieve their encrypted data without having to pay
the criminals.
Our other advice is to think proactively and protect
yourself in advance. It’s much more convenient not to get your files corrupted
in the first place. To do this, follow these two simple steps:
1. Back up your data regularly on a detachable media that is
not kept connected to your computer all the time.
2. Install a good security solution. By the way, recent
independent studies showed that Kaspersky Internet Security is extremely good
against ransomware.
Learn more about the CryptXXX ransomware family on
Securelist.com.
Victory. Again: Kaspersky Lab Finds a Way to Unlock Files Encrypted with CryptXXX Ransomware
Reviewed by JD
on
6:20 AM
Rating:
No comments