New tool frees CryptXXX-encrypted files

A Kaspersky Lab expert has developed a decryption tool to help victims of CryptXXX restore encrypted files. The particularly malicious CryptXXX ransomware targets Windows devices in order to lock files, copy data and steal Bitcoins.
CryptXXX reaches Internet users through spam emails carrying infected attachments or links to malicious websites, and through web pages hosting the Angler Exploit Kit (EK). Upon execution, the ransomware encrypts the infected system's files and appends a .crypt extension to each filename. Victims are told that their files were encrypted with RSA-4096, a strong public-key algorithm, and a ransom in bitcoins is demanded before the data will be released.
With more than 50 families of ransomware currently in the wild, there is no single universal method for undoing the damage of an attack. In the case of CryptXXX, however, the criminals' claim about RSA-4096 turned out to be a boast, and Kaspersky Lab was able to develop a decryption tool, which is now available from Kaspersky Lab's support website.
Thanks to the work of Fedor Sinitsyn, senior malware analyst at Kaspersky Lab, who developed the tool, victims whose systems have been hit by CryptXXX can recover their files without paying the ransom. To decrypt the affected files, the Kaspersky Lab utility needs the original (unencrypted) version of at least one file that CryptXXX encrypted, for example a copy restored from a backup, an email attachment, or a document that can be downloaded again.
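Why a single original file can be enough to unlock everything else is worth seeing in code. The following is an added illustration, not Kaspersky Lab's decryptor and not CryptXXX's real cipher (the article does not describe it): it models a file encrypter that derives one keystream per victim and XORs it against every file, a design under which a ransom note's "RSA-4096" claim is irrelevant. The seed, file contents and function names are constructed for the example.

```python
import hashlib

# Constructed illustration (NOT CryptXXX's actual algorithm): a file encrypter
# that derives one keystream per victim and XORs it against every file.
# Against such a design, one original/encrypted pair recovers the keystream,
# which then unlocks every other file from the same victim.


def derive_keystream(victim_seed: bytes, length: int) -> bytes:
    """Deterministic keystream: SHA-256(seed || counter) blocks concatenated (toy PRNG)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(victim_seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def weak_encrypt(plaintext: bytes, victim_seed: bytes) -> bytes:
    """The flaw: every file on this victim is XORed with the same keystream prefix."""
    return xor_bytes(plaintext, derive_keystream(victim_seed, len(plaintext)))


def recover_keystream(known_plain: bytes, known_cipher: bytes) -> bytes:
    """Known-plaintext step: plaintext XOR ciphertext gives back the keystream bytes."""
    if len(known_plain) != len(known_cipher):
        raise ValueError("original and encrypted copies of the same file must match in length")
    return xor_bytes(known_plain, known_cipher)


def decrypt_with_keystream(ciphertext: bytes, keystream: bytes) -> bytes:
    """Reuse the recovered keystream on another file from the same victim."""
    if len(ciphertext) > len(keystream):
        # Caveat: a keystream recovered this way is only as long as the known file.
        raise ValueError("known plaintext is shorter than the target file; cannot recover its tail")
    return xor_bytes(ciphertext, keystream)


# Constructed sample data: two files from one victim. The victim still has the
# original report in a backup but has no copy of the image.
VICTIM_SEED = b"per-victim-secret-never-sent-to-analyst"
ORIGINAL_REPORT = b"Quarterly report: revenue up 12%, churn down 3%. " * 4
ORIGINAL_PHOTO_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 40
REPORT_CRYPT = weak_encrypt(ORIGINAL_REPORT, VICTIM_SEED)
PHOTO_CRYPT = weak_encrypt(ORIGINAL_PHOTO_HEADER, VICTIM_SEED)


def recover_photo() -> bytes:
    """Use the report (original + .crypt copy) as known plaintext to unlock the photo."""
    keystream = recover_keystream(ORIGINAL_REPORT, REPORT_CRYPT)
    return decrypt_with_keystream(PHOTO_CRYPT, keystream)


if __name__ == "__main__":
    print("photo recovered:", recover_photo() == ORIGINAL_PHOTO_HEADER)
```

The length check in decrypt_with_keystream is the practical limitation of this approach: the recovered keystream covers only as many bytes as the known file, so a large original (or a real key-recovery step, which the article does not detail) is needed to unlock large files.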
Users of Kaspersky Lab solutions are further protected because the Angler exploit kit used by the CryptXXX ransomware is detected in the early stages of infection by the Automatic Exploit Prevention technology in Kaspersky Lab solutions.
Kaspersky Lab products detect this exploit kit under the following verdicts: HEUR:Exploit.SWF.Agent.gen, PDM:Exploit.Win32.Generic, HEUR:Exploit.Script.Generic.
To protect themselves from infection users should do the following:
* Back up regularly.
* Install all critical updates for your OS and browsers. The Angler exploit kit, which distributes CryptXXX, exploits software vulnerabilities to download and install the ransomware.
* Install a security solution. Kaspersky Internet Security provides multi-layered protection from ransomware, and Kaspersky Total Security complements that protection with automatic backups.