Following the release of decryption tools for two versions of the program ransomware CryptXXX in April and May of 2016, the Kaspersky Lab presents the new decryption tool for files that have been locked in the latest version of malware. This malicious program was able to "infect" thousands of computers worldwide since April of 2016, and the files that were "infected" by it were impossible to decrypt completely. But no longer.
The free tool RannohDecryptor of Kaspersky Lab can decrypt most files with extensions.crypt,.cryp1 and.crypz.
CryptXXX is one of the most actively distributed and dangerous "families" of ransomware programs: For a long time, cyber criminals used Angler and Neutrino exploit kits to "pollute" their victims with this malware. These two kits were considered among the most effective ones in terms of "infecting" goals successfully.
Since April of 2016, Kaspersky Lab products have reported attacks of CryptXXX against at least 80.000 users around the world. Most of them are mostly from six countries: the US, Russia, Germany, Japan, India and Canada. But these are only users protected by Kaspersky Lab's detection technologies. Unfortunately, the total number of attacked users is much higher.
Actual figures are not known, but Kaspersky Lab experts estimate that there may be several hundred thousands of "infected" users.
"Our usual advice to the victims of the various" families " ransomware is this: even if there is currently no decryption tool available for the malware version that has encrypted your files, please do not ransom the criminals. Save the corrupted files and be patient - the chances of a decryption tool in the near future are very high. We consider his case CryptXXX v.3 as proof of this advice. A number of security specialists worldwide work hard to be able to help the victims of the programs ransomware. Sooner or later, the solution for the overwhelming majority will be found ransomware» said Anton Ivanov, Kaspersky Lab's security expert.
The decryption tool can be downloaded from page Kaspersky Lab and from Nomoreransom.org - the website of the non-profit initiative launched this year by the Dutch National Police Criminal Investigation Directorate, the Europol European Cybercrime Center together with two private digital security companies, Kaspersky Lab and Intel Security, to provide help victims of ransomware malware recover their encrypted data without having to pay criminals. The global fight against ransomware continues at a rapid pace, with more than 30 new partners, both public and private, joining forces to actively contribute to the No More Ransom initiative.
"Our data show that in the last year attacks on businesses have tripled, which means there is a significant change in the frequency of attacks from every 2 minutes to one 40 second. For individual users, the growth rate exceeded 20 seconds per attack and reached one attack per 10 second. This was accompanied by an increase in new types of ransomware. Too many people still believed they had no alternative but to pay the required ransom, even if it is known that many of the ransomers have never taken back their records - among which one in five businesses. For this, this development now provides a life saving alternative as it allows you to unlock your files without paying a ransom, said Jornt van der Wiel, a security researcher at Kaspersky Lab's Worldwide Research and Analysis Group.