December 23, 2016

Becoming a victim of ransomware is easy enough, but decrypting the affected files without paying the ransom is often very difficult, if not impossible.

It is more difficult still when the ransomware is very sophisticated. That is where Kaspersky Lab comes into play: it has released a decryptor for files locked with the latest version of CryptXXX.

This malicious program has been capable of infecting thousands of PCs around the world since April 2016, and it was impossible to fully decrypt the files affected by it, but not anymore.

The RannohDecryptor tool by Kaspersky Lab can decrypt most files with .crypt, .cryp1 and .crypz extensions. There is no cost for the tool.

CryptXXX is one of the most actively distributed and dangerous families of ransomware; for a long time, criminals used the Angler and Neutrino exploit kits to infect victims with this malware. These two kits were among the most effective in terms of successfully infecting targets.

Since April 2016, Kaspersky Lab products registered attacks by CryptXXX against at least 80,000 users around the world. More than half of them are located in six countries: the U.S., Russia, Germany, Japan, India and Canada.

Kaspersky Lab experts estimate there may be several hundred thousand infected users.

“Our advice to the victims of different ransomware families is the following: Even if there is currently no decryption tool available for the version of malware that encrypted your files, please don’t pay the ransom to criminals. Save the corrupt files and be patient – the probability of a decryption tool emerging in the near future is high. We consider the case of CryptXXX v.3 as proof of this advice. Multiple security specialists around the world are continuously working hard to be able to help victims of ransomware. Sooner or later the solution to the vast majority of ransomware will be found,” said Anton Ivanov, security expert at Kaspersky Lab.

The decryption tool can be downloaded from Kaspersky Lab and from – the not-for-profit initiative launched this year by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies, Kaspersky Lab and Intel Security, with the goal of helping victims of ransomware to retrieve their encrypted data without having to pay the criminals.
