As part of its ongoing commitment Kaspersky Lab για την προστασία των χρηστών από τα πιο πρόσφατα ransomware προγράμματα, οι ειδικοί της εταιρείας ανέπτυξαν ένα εργαλείο αποκρυπτογράφησης, για να βοηθήσουν τα θύματα του CryptXXX να ανακτήσουν τα κρυπτογραφημένα archives their.
The particularly malicious ransomware program CryptXXX attacks Windows devices, aiming to lock files, copy data and steal Bitcoins.
The CryptXXX ransomware program is distributed to Internet users via spam email containing "infected" attachments or links that lead to malicious web pages.
CryptXXX is also distributed through webpages that include an Angler Exploit Kit (EK). While running, ransomware encrypts files of the "infected" system and adds a .crypt extension to the file name.
Victims are informed that their files are encrypted using RSA-4096 - a stronger encryption algorithm. If victims wish to release their data, the ransomware program requires a ransom in bitcoins.
With over 50 families of ransomware programs running today freely, there is no universal algorithm to deal with the threat or impact of attacks. However, in the case of CryptXXX, it turned out that criminals' allegations that they are using the RSA-4096 algorithm were misleading.
Thus, Kaspersky Lab has been able to develop a decryption tool, which is now available in support website of the Kaspersky Lab.
Thanks to the work of Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab, who developed the tool, victims can be sure that even if CryptXXX has found its way into their systems, it is possible to recover their files without to pay a ransom. To decrypt the affected files, the Kaspersky Lab utility will need the original (unencrypted) version of at least one file that has been attacked by CryptXXX.
Users of Kaspersky Lab solutions are further protected because the Angler exploit kit used by CryptXXX ransomware is detected at the early stages of "infection" by technology Automatic Exploit Prevention in Kaspersky Lab's solutions.
Τα προϊόντα της Κaspersky Lab εντοπίζουν αυτό το exploit kit, υπό τις ακόλουθες κωδικές ονομασίες: HEUR: Exploit.SWF.Agent.gen, PDM: Exploit.Win32.Generic και HEUR: Exploit.Script.Generic.
To protect users from 'infections'aspersky Lab recommends users:
- Make backups at regular intervals
- Να εγκαθιστούν όλες τις κρίσιμες ενημερώσεις για το λειτουργικό σύστημα και τα προγράμματα περιήγησης τους. Το Angler exploit kit, το οποίο χρησιμοποιείται από το CryptXXX, αξιοποιεί τις ευπάθειες του software για να «κατεβάσει» και να εγκαταστήσει το ransomware.
- Install a Reliable Security Solution Like The Kaspersky Internet Security, which provides multilevel protection against ransomware programs, or Kaspersky Total Security, offering complete protection, providing automatic backups.
More information about CryptXXX is available on the dedicated website Kaspersky Daily.