What can be termed as a major relief for the victims and embarrassment for the attackers, Researchers at Kaspersky Lab have released an updated version of thier Rannoh Decryptor Tool for CryptXXX v.3 Ransomware.
Kaspersky Lab has already been successful in neutralizing the earlier versions, CryptXXX v.1 and CryptXXX v.2 and now with the release of the updated RannohDecryptor Tool, CryptXXX v.3 files can be unlocked using this Ransomware Decryption Tool. Although previous decryption tools were able to recover files, they could not encrypt all. RannohDecryptor goes a step ahead and completely decrypts all the files.
About CryptXXX malware
CryptXXX is most active in countries such as the United States, Russia, Germany and Japan with these regions accounting for almost 25% of the total infections.
As per Kaspersky Lab researchers, the CryptXXX malware is a DLL (dynamic-link library) authored in Delphi and uses a variety of different encryption algorithms to attack files.
It uses three encryption methods including RC4 with one key for all files, and two others that use RC4 and RSA to encrypt the content of files and the RC4 keys, or a combination of RC4 and RSA where RC4 is used to encrypt the content of files and RSA is used to encrypt some file contents and the RC4 keys.
How CryptXXX v.3 infects
Similar to its predecessors, CryptXXX v.3 Ransomware includes a module called stiller.dll that is downloaded on the targeted computers. Once downloaded, stiller.dll is capable of stealing 130 different types of account credentials stored on the PC such as those used by e-mail clients, messenger programs and web browsers.
CryptXXX then transfers all the valuable data to the attackers’ server and encrypts them demanding ransom from the victim in exchange of decryption keys. There is no guarantee if the data would be retrieved back, even if the ransom is paid. Hence, ransom shouldn’t be paid.
The ransom amount demanded by CryptXXX v.3 is still not certain although it could be close to 1.3 bitcoin ($1,000) which was demanded by earlier CrpytXXX versions. CryptXXX v.3 locks files using the extensions .crypt, .cryp1 and .crypz, reports Kaspersky.
You can download RannohDecryptor Tool from Kaspersky’s NoRansom website.