Kaspersky Labs launches lifeline for CryptXXX ransomware victims

This ransomware is particularly nasty as it does not just lock your files, but also steals your data and any Bitcoin you have stored on your PC.
Written by Charlie Osborne, Contributing Writer

Kaspersky researchers have managed to crack the CryptXXX ransomware code and have issued a free tool for users to get their files back without paying a fee.

The ransomware, dubbed CryptXXX, was first discovered by Proofpoint researchers in April. While standard ransomware variants do nothing more than encrypt your files and demand a ransom fee -- most often in Bitcoin, but demands can also vary to include commodities such as Apple iTunes gift cards -- this new strain of ransomware is different.

CryptXXX not only encrypts your files using the .crypt extension, but takes things a lot further: it encrypts files on any attached data storage devices, rifles through your compromised system to steal sensitive data, and takes any Bitcoin reserves you have.

Once the malware finds its way onto a system through a malicious download, CryptXXX encrypts the hard drive and creates three files that display the ransom demand: a desktop wallpaper, a browser web page and a text file.

The ransomware claims the system has been locked with the help of the RSA4096 encryption algorithm and demands $500 in Bitcoin for files to be decrypted.

Trying to remove ransomware as a whole while keeping hold of files is an uphill struggle, not just for users but also for companies which are attempting to combat these threats. However, in a blog post this week, Kaspersky Lab's John Snow said there is hope for CryptXXX victims in the form of a new, free tool.

While it is often difficult to reverse-engineer sophisticated ransomware variants, Kaspersky was able to do so in this case and has updated the RannohDecryptor, which now cleanses systems of both Rannoh and CryptXXX malware. The tool works as long as the victim has at least one original, unencrypted copy of a file that CryptXXX has locked.

"It's better not to tempt fate and prevent CryptXXX from infecting your PC beforehand," Snow says.

"Our decryption tool works today, but criminals can soon release a new version of the same ransomware that would be smarter. Very often culprits change malware code in such a way that it becomes impossible to decrypt infected files."

In order to protect yourself, consider downloading an antivirus tool and a scanner or two to monitor your system for malicious files, downloads and processes.

You can download the free decryption tool here.
