If you've fallen victim to the CryptXXX ransomware, security vendor Kaspersky Lab has just come out with a tool that can unlock your encrypted files so you don't have to pay a ransom to recover them. Here are the details.
Australians are a popular target for ransomware attacks where files on an infected PC are encrypted and the cybercriminals responsible demand payment to have them unlocked. But even paying the ransom doesn't guarantee the files will be decrypted.
Most recently, a new strain of ransomware called CryptXXX was discovered and it is known to add .crypt extensions to the names of files it infects. The files are encrypted with the RSA4096 algorithm.
Fortunately, Kaspersky Lab has come out with a tool that can help victims get their files back. The vendor claims it has cracked CryptXXX and has added decryption capabilities for this ransomware to an existing tool called RannohDecryptor.
According to Kaspersky Lab:
"The RannohDecryptor utility was initially created to decrypt files, which suffered from Rannoh ransomware. In time it acquired additional and useful features. Now it can be used to cure your files from CryptXXX activity. So if CryptXXX ransomware has found its way into your system, not everything is lost. To recover your files we will need the original (not encrypted) version of at least one file, which suffered from CryptXXX. If you have more files like this backed up, this will work."
Kaspersky Lab has listed the steps you need to take to decrypt your CryptXXX-encrypted files after you download RannohDecryptor. But the vendor doesn't want us to let our guard down against malware just because there are tools available to reverse its effects:
"It’s better not to tempt fate and prevent CryptXXX from infecting your PC beforehand. Our decryption tool works today, but criminals can soon release a new version of the same ransomware that would be smarter. Very often culprits change malware code in such a way that it becomes impossible to decrypt infected files. For example, this already happened with TeslaCrypt ransomware: there was once a utility tool which successfully cured encrypted files but now it’s almost useless."
You can find out more about CryptXXX on the Kaspersky Lab Security Blog.