Ransomware: New free decryption key can save files locked with Cryakl

The addition by the Belgian National Police and Kaspersky Lab brings the number of decryption tools on the No More Ransom portal up to 52.
Written by Danny Palmer, Senior Writer

Video: No More Ransom: Initiative that outwits ransomware reaches first year

Victims of Cryakl ransomware are now able to get their files back without paying a ransom to cybercriminals, after the decryption key was released for free as part of the No More Ransom initiative.

Launched by Europol in 2016, the scheme brings law enforcement and private industry together in the fight against cybercrime and has helped thousands of ransomware victims retrieve their encrypted files without lining the pockets of crooks.

Cryakl has been active since September 2015 and, like other forms of ransomware, it searches an infected system for files, encrypts them, then demands payment for providing the key needed to retrieve the files. It also threatens to delete the encrypted files if payment isn't received within a week.

Unlike more recent forms of ransomware which ask for payments to be made into a cryptocurrency wallet, victims of Cryakl are asked to contact the attackers by email.

The ransomware is most prolific in Russia, but Cryakl has claimed victims across Europe. Kaspersky Lab told ZDNet there has been over 2,000 infections in Italy, over 2,000 in Germany, over 1,000 in Spain and hundreds across the UK, Belgium, France, Poland, and Austria.

Decryption tools for Cryakl ransomware have been added to the No More Ransom portal following work by the Belgian National Police and Kaspersky Lab as part of an ongoing investigation.

Now download: 17 tips for protecting Windows computers and Macs from ransomware (free PDF)

After discovering Belgian citizens had fallen victim to Cryakl, an investigation by the Belgian Federal Computer Crime Unit was able to locate the command-and-control server in Germany.

Belgian authorities were able to seize this as well as other servers involved with the distribution of ransomware, then obtain the decryption keys with the aid of forensic analysts and input from Kaspersky Lab.

The investigation is still ongoing, but now victims of Cryakl can regain access to their encrypted files without having to pay criminals.


Victims of Cryakl can now unlock their files for free via the No More Ransom portal.

Image: iStock

"Cybersecurity experts work worldwide to help the victims, creating new, previously non-existent tools for decryption," said Jornt van der Wiel, security researcher in the global research and analysis team at Kaspersky Lab.

See also: No more ransomware: How one website is stopping the crypto-locking crooks in their tracks

"Free decryption keys for Cryakl ransomware can be considered as proof of this policy, and yet another reminder that there is always a chance of winning in the fight with criminals."

The addition of keys for Cryakl brings the total number of ransomware decryption tools available on the No More Ransom portal to 52. They can be used to decrypt 84 forms of ransomware including MarsJoke, Teslacrypt, LamdaLocker, Wildfire, and CryptXXX.

According to Europol, over 35,000 people have used No More Ransom to decrypt their files for free, preventing cyber criminals from obtaining ransoms worth over €10m.

Initially launched by Europol, the Dutch National Police, McAfee, and Kaspersky Lab, the number of partners working on No More Ransom has now risen to over 120, including 75 cybersecurity companies.

The Belgium National Police's role in helping to decrypt Cryakl has seen it promoted to become an associate partner in the scheme -- the second law enforcement body to do so after founding member the Dutch National Police.

Europol has also announced new partners for No More Ransom: the Cypriot and Estonian police are the most recent law enforcements agencies to join, while KPN, Telenor, and the College of Professionals in Information and Computing (CPIC) have joined as new private sector partners.

Now read: Cybersecurity in 2018: A roundup of predictions

"We are of course happy that the platform keeps growing and that new partners keep joining. We have always been convinced that public private partnership is crucial in the fight against ransomware, and cybercrime in general," a Europol spokesperson told ZDNet.

Since the launch of No More Ransom, the portal has received over 1.6 million visitors from a total of 180 countries. The website is available in 29 languages, with Estonian the most recent addition.

Recent and related coverage

New ransomware headache as crooks dump bitcoin for rival cryptocurrencies

The switch to new digital currencies will make life more difficult, according to one police chief.

Ransomware gets easier for would-be crooks as developers offer malware-as-a-service

A new ransomware-as-service scheme offers tools and tutorials for getting started with GandCrab, in return for a cut of the profits -- and a promise not to attack Russia.

Ransomware: Security researchers spot emerging new strain of malware

'Magniber' ransomware could potentially be an experiment by people behind the Cerber ransomware family.


Editorial standards