Kaspersky's tool for decrypting CryptXXX

As part of Kaspersky Lab's ongoing commitment to protect users from the latest ransomware programs, company specialists have developed a decryption tool to help CryptXXX victims recover their encrypted files.Kaspersky ransomware

The highly malicious CryptXXX ransomware program attacks Windows devices, aiming to lock files, copy and steal Bitcoins.

The CryptXXX ransomware program is distributed to Internet users via spam email containing "infected" attachments or links that lead to malicious web pages.

CryptXXX is also distributed through webpages that include an Angler Exploit Kit (EK). While running, ransomware encrypts files of the "infected" system and adds a .crypt extension to the file name.

Victims are informed that their files are encrypted using RSA-4096 - a stronger encryption algorithm. If victims wish to release their data, the ransomware program requires a ransom in bitcoins.

With over 50 families of ransomware in free circulation today, there is no one universal to address the threat or impact of attacks. However, in the case of CryptXXX, it turned out that the criminals' claims of using the RSA-4096 algorithm were misleading.

Thus, Kaspersky Lab has been able to develop a decryption tool, which is now available in support website of the Kaspersky Lab.

Thanks to the work of Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab, who developed the tool, victims can be sure that even if CryptXXX has found its way into their systems, it is possible to recover their files without to pay a ransom. To decrypt the affected files, the Kaspersky Lab utility will need the original (unencrypted) version of at least one file that has been attacked by CryptXXX.

Users of Kaspersky Lab solutions are further protected because the Angler exploit kit used by the CryptXXX ransomware is detected in the early stages of "infection" by Automatic Exploit Prevention in Kaspersky Lab's solutions.

Kaspersky Lab products detect this exploit kit under the following codenames: HEUR: Exploit.SWF.Agent.gen, PDM: Exploit.Win32. και HEUR: Exploit..Generic.

To protect users from 'infections'aspersky Lab recommends users:

  1. Make backups at regular intervals
  2. Install all critical updates for their operating system and browsers. The Angler exploit kit, which is used by CryptXXX, exploits the software vulnerabilities to download and install the ransomware.
  3. Install a Reliable Security Solution Like The Kaspersky Internet Security, which provides multilevel protection against ransomware programs, or Kaspersky Total Security, offering complete protection, providing automatic backups.

More information about CryptXXX is available on the dedicated website Kaspersky Daily.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).