May 13, 2016

Update: CryptXXX solved again

Advice News Threats Tips

At the tail end of last month, we announced that our researchers had developed a decryption tool to beat CryptXXX ransomware and help the victims get their files back for free. Earlier this week, we discovered that the ransomware had evolved to stop our tool from working. Criminals and trolls had their laugh… for a few days.

But we don’t like to let criminals or trolls win, and are happy to announce that our team has updated our decryption tool to adapt to the second version of CryptXXX in our RannohDecryptor 1.9.1.0.

Decrypt .crypt files encrypted by CryptXXX ransomware

The tool can be downloaded from here in English or here in Russian completely free.

Some notes on the update include:

1. We support decryption of about 40 popular file formats, including documents, archives, images, etc. Unfortunately, there is no possibility to decrypt any arbitrary file format.

2. Decryption may take some time. Generally, the 1st file gets decrypted within several minutes, and all subsequent files in a matter of seconds (each). In the worst case every file will take several minutes. The utility notifies the user prior to start with the following message:

Key recovery can take significant time

3. Original copy is not needed for Cryptxxx v2.

While this tool will help those infected decrypt their .crypt files, we know that criminals will always look to evolve to stop workarounds from good guys in cybersecurity. It is an unfortunate reality in the current world we live in. But fear not, we won’t rest and will stay vigilant to protect you.

With that said, prevention is always better than reacting after the fact. Kaspersky Lab’s security solutions proactively block CryptXXX variants as well as other forms of ransomware and malware of other kinds. We also advise that you protect your computer with a security software. You don’t have to use us, but you should use some sort of protection. If you need a reliable solution, please visit our site.

Update: Solved again! Read more about how we’re winning the war with CryptXXX here: https://blog.kaspersky.com/cryptxxx-v3-ransomware/13628/