As part of Kaspersky Lab's ongoing commitment to protecting users from the most recently ransomware programs, the company's experts developed a decryption tool to help CryptXXX victims recover their encrypted files.
Especially malicious ransomware program CryptXXX attacks Windows devices, aiming to lock files, copy data and steal Bitcoins.
The CryptXXX ransomware program is distributed to Internet users via spam email containing "infected" attachments or links that lead to malicious web pages.
CryptXXX is also distributed through web pages that include a Angler Exploit Kit (EK). When executed, the ransomware encrypts files of the "infected" system and adds a .crypt extension to the file name.
Victims are informed that their files are encrypted using RSA-4096 - a stronger encryption algorithm. If victims wish to release their data, the ransomware program requires a ransom in bitcoins.
With over 50 families of ransomware programs running today freely, there is no universal algorithm to deal with the threat or impact of attacks. However, in the case of CryptXXX, it turned out that criminals' allegations that they are using the RSA-4096 algorithm were misleading.
Thus, Kaspersky Lab has been able to develop a decryption tool, which is now available in support website of the Kaspersky Lab.
Thanks to the work of Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab, who developed the tool, victims can be sure that even if CryptXXX has found its way into their systems, it is possible to recover their files without to pay a ransom. To decrypt the affected files, the Kaspersky Lab utility will need the original (unencrypted) version of at least one file that has been attacked by CryptXXX.
Users of Kaspersky Lab solutions are further protected because the Angler exploit kit used by CryptXXX ransomware is detected at the early stages of "infection" by technology Automatic Exploit Prevention in Kaspersky Lab's solutions.
Kaspersky Lab products locate this exploit kit under the following code names: HEUR: Exploit.SWF.Agent.gen, PDM: Exploit.Win32.Generic and HEUR: Exploit.Script.Generic.
To protect users from 'infections'aspersky Lab recommends users:
- To create copies security at regular intervals
- Install all critical updates for their operating system and browsers. The Angler exploit kit, which is used by CryptXXX, exploits the software vulnerabilities to download and install the ransomware.
- Install a Reliable Security Solution Like The Kaspersky Internet Security, which provides multilevel protection against ransomware programs, or Kaspersky Total Security, offering complete protection, providing automatic backups.
More information about CryptXXX is available on the dedicated website Kaspersky Daily.