This is just a short, off-schedule post for the important topic. In late April Kaspersky Lab reported that it has a tool to crack the encryption of CryptoXXX, a nasty ransomware which demands a larger ransom than most of the others. It turned out that the RannohDecryptor utility which was initially created to decrypt files affected by Rannoh ransomware, could be used to crack CryptXXX as well. Or could have been. Because this news have definitely caught the attention of the miscreants behind CryptXXX: they have updated their “tool” in order to make RannohDecryptor useless against this ransomware.
How to beat CryptXXX again: an update #noransomTweet
“Criminals and trolls had their laugh… for a few days”, writes Jeff Esposito with Kaspersky Daily. “But we don’t like to let criminals or trolls win, and are happy to announce that our team has updated our decryption tool to adapt to the second version of CryptXXX in our RannohDecryptor 188.8.131.52.”
“The updated version of CryptXXX ransomware has been successfully decrypted; and a new version of the Kaspersky Lab decryption tool can now help the victims of CryptXXX v2. This tool supports the decryption of about 40 popular file formats, including documents, archives, images, etc. Unfortunately, it is not possible to decrypt any arbitrary file format.
We have made the new tool even more easy to use. To decrypt files affected by CryptXXX v2, users don’t need an original copy of any files. Users of the previous versions of this utility will have the opportunity to automatically download the updated version,” notes Fedor Sinitsyn, senior malware analyst at Kaspersky Lab.
Please check out details here at Kaspersky Daily.