As part of Kaspersky Lab's ongoing commitment to protect users from the latest ransomware programs, company specialists have developed a decryption tool to help CryptXXX victims recover their encrypted files.
The highly malicious CryptXXX ransomware program attacks Windows devices, aiming to lock files, copy data and steal Bitcoins.
The CryptXXX ransomware program is distributed to Internet users via spam email containing "infected" attachments or links that lead to malicious web pages.
CryptXXX is also distributed through webpages that include an Angler Exploit Kit (EK). While running, ransomware encrypts files of the "infected" system and adds a .crypt extension to the file name.
Victims are informed that their files are encrypted using RSA-4096 - a stronger encryption algorithm. If victims wish to release their data, the ransomware program requires a ransom in bitcoins.
With over 50 families of ransomware in free circulation today, there is no one universal algorithm to address the threat or impact of attacks. However, in the case of CryptXXX, it turned out that the criminals' claims of using the RSA-4096 algorithm were misleading.
Thus, Kaspersky Lab has been able to develop a decryption tool, which is now available in support website of the Kaspersky Lab.
Thanks to the work of Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab, who developed the tool, victims can be sure that even if CryptXXX has found its way into their systems, it is possible to recover their files without to pay a ransom. To decrypt the affected files, the Kaspersky Lab utility will need the original (unencrypted) version of at least one file that has been attacked by CryptXXX.
Users of Kaspersky Lab solutions are further protected because the Angler exploit kit used by the CryptXXX ransomware is detected in the early stages of "infection" by technology Automatic Exploit Prevention in Kaspersky Lab's solutions.
Kaspersky Lab products detect this exploit kit under the following codenames: HEUR: Exploit.SWF.Agent.gen, PDM: Exploit.Win32.Generic και HEUR: Exploit.Script.Generic.
To protect users from 'infections'aspersky Lab recommends users:
- Make backups at regular intervals
- Install all critical updates for their operating system and browsers. The Angler exploit kit, which is used by CryptXXX, exploits the software vulnerabilities to download and install the ransomware.
- Install a Reliable Security Solution Like The Kaspersky Internet Security, which provides multilevel protection against ransomware programs, or Kaspersky Total Security, offering complete protection, providing automatic backups.
More information about CryptXXX is available on the dedicated website Kaspersky Daily.