As part of its ongoing commitment Kaspersky Lab για την προστασία των χρηστών από τα πιο πρόσφατα ransomware προγράμματα, οι ειδικοί της εταιρείας ανέπτυξαν ένα εργαλείο αποκρυπτογράφησης, για να βοηθήσουν τα θύματα του CryptXXX να ανακτήσουν τα κρυπτογραφημένα αρχεία τους.
The highly malicious CryptXXX ransomware program attacks Windows devices to lock files, copy data, and steal Bitcoins.
The CryptXXX ransomware program is distributed to Internet users via spam email containing "infected" attachments or links that lead to malicious web pages.
CryptXXX is also distributed through webpages that include an Angler Exploit Kit (EK). While running, ransomware encrypts files of the "infected" system and adds a .crypt extension to the file name.
Victims are informed that their files are encrypted using RSA-4096 - a stronger encryption algorithm. If victims wish to release their data, the ransomware program requires a ransom in bitcoins.
With over 50 families of ransomware programs running today freely, there is no universal algorithm to deal with the threat or impact of attacks. However, in the case of CryptXXX, it turned out that criminals' allegations that they are using the RSA-4096 algorithm were misleading.
Thus, Kaspersky Lab was able to develop a decryption tool, which is now available in support website of the Kaspersky Lab.
Χάρη στη δουλειά του Fedor Sinitsyn, Senior Malware Kaspersky Lab analyst, who developed the tool, victims can be sure that even if CryptXXX has found its way into their systems, it is possible to recover their files without paying a ransom. To decrypt the affected files, the Kaspersky Lab utility will need the original (unencrypted) version of at least one file that has been attacked by CryptXXX.
Users of Kaspersky Lab solutions are further protected because the Angler exploit kit used by CryptXXX ransomware is detected at the early stages of "infection" by technology Automatic Exploit Prevention in Kaspersky Lab's solutions.
The products of Kaspersky Lab detect this exploit kit, under the following code names: HEUR: Exploit.SWF.Agent.gen, PDM: Exploit.Win32.Generic and HEUR: Exploit.Script.Generic.
To protect users from 'infections'aspersky Lab recommends users:
- Make backups at regular intervals
- Install all critical updates for their operating system and browsers. The Angler exploit kit, which is used by CryptXXX, exploits the software vulnerabilities to download and install the ransomware.
- Install a Reliable Security Solution Like The Kaspersky Internet Security, which provides multilevel protection against ransomware programs, or Kaspersky Total Security, offering complete protection, providing automatic backups.
More information about CryptXXX is available on the dedicated website Kaspersky Daily.