After the distribution decryption tools for two variants of ransomware CryptXXX program in April and May 2016, Kaspersky Lab presents the new decryption tool for files that have been locked with the latest malware. The malicious program was able to “infect” thousands of computers worldwide by April 2016 and the files were “infected” by it was impossible to fully decipher. But not anymore. Free RannohDecryptor Kaspersky Lab’s tool can decrypt multiple files with extensions .crypt, .cryp1 and .crypz.
To CryptXXX is one of the most actively distributed and dangerous “families” ransomware programs: for a long time the cybercriminals used the Angler and Neutrino exploit kits in order to “infect” their victims with this malicious software. Both kits were considered among the most effective in terms of ‘infect’ goals successfully.
Since April 2016, the Kaspersky Lab products have registered CryptXXX attacks against at least 80,000 users worldwide. The more than half of them come mainly from six countries: the US, Russia, Germany, Japan, India and Canada. But these are only users protected by Kaspersky Lab’s detection technologies. Unfortunately, the total number of users who have been attacked is much higher. Actual figures are not known, but the Kaspersky Lab experts estimate that there may be several hundreds of thousands of “infected” users.
As stated by Anton Ivanov, an expert on security issues of Kaspersky Lab,
“Our usual advice to victims of various’ families» ransomware is this: even if there is currently no available decryption tool for the version of the malware that has encrypt your files, please do not pay the ransom to the criminals. Save the damaged files and be patient – the possibility to have a decryption tool in the near future is now very large. Consider the case of CryptXXX v.3 as proof of this advice. No. of experts in security worldwide working hard to be able to help the victims of the ransomware programs. Sooner or later the solution for the vast majority of ransomware “is found
The decryption tool can be downloaded from Kaspersky Lab’s website and from Nomoreransom.org – the non-profit initiative website launched this year by the National Directorate of Criminal Investigation of the Dutch Police, Europol’s European Cybercrime Centre together with two digital companies insurance by the private sector, Kaspersky Lab and Intel security, aimed at providing assistance to the victims of malicious ransomware programs to recover the encrypted data, without having to pay criminals. The global fight against ransomware systems continues apace, with more than 30 new partners from both the public and private sectors to join forces actively contributing to the initiative «No More Ransom».
The Jornt van der Wiel, Security Researcher at Global Research and Analysis Team of Kaspersky Lab, commented,
“Our data show that last year the attacks to businesses have tripled, which means that there is a significant change in the frequency of attacks, every two minutes a per 40 seconds. For individual users, the growth rate exceeded 20 seconds per attack and reached one attack every 10 seconds. This was accompanied by an increase in new types of ransomware. Too many people still believe that they have no alternative but to pay the requested ransom, even though it is known that many of those who paid no ransom never got back their files – among them one in five companies. For this, this development now provides a life-saving alternative, as it allows to unlock your files without paying ransom “