Researchers launch another salvo at CryptXXX ransomware

Mistakes made by ransomware authors are often short-lived, but Kaspersky isn't giving up.
Written by Charlie Osborne, Contributing Writer
Kaspersky Labs

Kaspersky Lab researchers are playing a game of cat-and-mouse with the authors of the CryptXXX ransomware, and have released another new tool to help victims get their files back without paying a fee.

Ransomware is malware which uses pressure and the threat of losing content forever to force people to pay a fee to cyberattackers in the hopes of gaining access to their systems.

Once a machine is infected, the malware encrypts files and presents a lock screen, preventing users from accessing the PC. A demand is given for payment in return for a key to decrypt your files -- which may, or may not, work.

CryptXXX, first discovered in April, is not your standard breed of ransomware. The software not only encrypts your files with the .crypt extension but also attacks any files on connected storage devices, steals cryptocurrency wallet funds stored on your system and may also send sensitive data to cyberattackers.

The malware will often demand $500 in Bitcoin.

In April, Kaspersky said that CryptXXX contained a number of errors which made it possible to update the RannohDecryptor decryption tool -- which now works with both Rannoh and CryptXXX -- to remove the malware from your PC.

However, only a few days later, the operators behind the malware released a new version which negated Kaspersky's tools and shoved victims back into the same position as before.

The security team has not been deterred, and recently announced an additional update which has adapted RannohDecryptor for the latest version of CryptXXX.

You used to need a copy of an original file which had not been encrypted by the malware for the software to find a decryption key, but now you no longer need to do so.

The latest update,, can be downloaded here for free.

This game is likely to continue between cybercriminals and research firms for some time to come while users become embroiled in the crossfire. The best step you can take is to try and not become infected in the first place by using antivirus tools and keeping your system patched and as up-to-date as possible.

10 things you didn't know about the Dark Web

Read on: Top picks

Editorial standards