
Ransomware is a significant problem, there’s no doubt about that.

Time and time again, companies and individuals fall foul of malware that encrypts their data files and demands a ransom be paid for the elusive decryption key.

But sometimes, just sometimes, the ransomware authors make mistakes.

And sometimes, ways are found to undo the damage done by ransomware without having to send any Bitcoins to the criminals behind the attacks.

That’s certainly the case with the notorious CryptXXX ransomware, which not only encrypts your files but also steals your passwords.

CryptXXX was first spotted in April 2016, distributed via the Angler exploit kit. But within days, security researchers had released a free decryption tool, exploiting a flaw in its encryption algorithm.

Of course, the criminals weren’t going to be happy with the thought that someone had thrown a wrench in the works of their attempt to blackmail innocent computer users, so the following month, a new version of CryptXXX was released.

The game of cat-and-mouse continued, as Kaspersky researchers released a second decryption tool to undo CryptXXX’s damage.

With inevitable predictability, the malware authors released CryptXXX version 3. Hundreds of thousands of computer users are thought to have been hit, helping the criminals to earn a handsome profit.

Which means it’s great news to hear that the researchers have won again – in this battle at least – releasing yet another free decryption tool.

So, if you’ve found you have been hit by the CryptXXX ransomware and your filenames changed to .cryp1, .crypt, or .crypz extensions, there is a way to decrypt your files without paying the criminals.
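Before running any decryptor or restoring from backup, a responder usually wants an inventory of what was actually encrypted. The following script is an added example, not part of the original article or of Kaspersky's tool: it walks a directory tree, collects files carrying the three extensions named above (matched case-insensitively), tallies them per extension, and strips the appended extension to recover the likely original filename so it can be checked against a backup catalogue. The sample directory it builds in `demo()` is constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article names for files encrypted by CryptXXX.
CRYPTXXX_EXTENSIONS = {".cryp1", ".crypt", ".crypz"}


def find_cryptxxx_files(root):
    """Walk `root` and return every file whose final extension is one of the
    CryptXXX extensions. Matching is case-insensitive because the extension
    appended by malware is not guaranteed to be lower-case on every sample."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() in CRYPTXXX_EXTENSIONS:
                hits.append(path)
    return sorted(hits)


def original_name(path):
    """Drop the appended ransomware extension so the probable original name
    can be matched against backups: 'report.docx.crypt' -> 'report.docx'.
    Paths without a CryptXXX extension are returned unchanged."""
    path = Path(path)
    if path.suffix.lower() in CRYPTXXX_EXTENSIONS:
        return path.with_suffix("")
    return path


def summarize(root):
    """Return a triage summary: total count, per-extension counts, and the
    list of (encrypted path, probable original name) pairs."""
    hits = find_cryptxxx_files(root)
    by_ext = Counter(p.suffix.lower() for p in hits)
    return {
        "total": len(hits),
        "by_extension": dict(by_ext),
        "files": [(str(p), original_name(p).name) for p in hits],
    }


def demo():
    """Build a constructed sample tree in a temporary directory and summarize
    it. The filenames here are made up for the example."""
    root = Path(tempfile.mkdtemp(prefix="cryptxxx-demo-"))
    (root / "finance").mkdir()
    for rel in [
        "report.docx.crypt",          # lower-case extension
        "photo.CRYPZ",                # upper-case extension, still matched
        "notes.txt",                  # untouched file, must not be counted
        "finance/budget.xlsx.cryp1",  # nested encrypted file
        "finance/readme.md",          # untouched nested file
    ]:
        (root / rel).write_text("placeholder content")
    return summarize(root)


if __name__ == "__main__":
    result = demo()
    print(f"{result['total']} encrypted files found")
    for ext, n in sorted(result["by_extension"].items()):
        print(f"  {ext}: {n}")
    for encrypted, original in result["files"]:
        print(f"  {encrypted}  ->  {original}")
```

The summary lists the probable original names next to the encrypted paths; comparing that list with a backup catalogue tells you which files a decryptor must recover and which can simply be restored.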

You can download the tool directly from Kaspersky’s website or via the helpful NoMoreRansom site, which provides a number of handy recovery utilities for various families of ransomware.

Kaspersky security expert Anton Ivanov has some wise advice for users who have suffered a ransomware attack:

“Even if there is currently no decryption tool available for the version of malware that encrypted your files, please don’t pay the ransom to criminals. Save the corrupt files and be patient — the probability of a decryption tool emerging in the near future is high.”

Although it’s easy for security professionals like me and Ivanov to urge victims not to pay the extortionists, the truth is that I can well understand why individuals and businesses might sometimes make that difficult decision.

For instance, in the past I have heard of cases where victims who do not have secure backups have lost their irreplaceable photos of a deceased child or of businesses that simply cannot do business without access to their data. In such cases, it’s understandable that some might decide to make the pragmatic and uncomfortable decision to deal with their blackmailers.

That’s why it’s so important not to rely on the safety net of some smart researchers managing to build decryption tools for the variant of ransomware that infects your system. Instead, build defences and a decent backup regime upon which you can rely should the worst ever happen.

Ransomware has, of course, become one of the most commonly encountered threats – spurred on, no doubt, by the ease with which online criminals have been able to convert victimised computer users into profitable bitcoin payouts.

Make sure that you are fully versed in State of Security’s ransomware prevention tips and our advice on how to create the multiple layers of protection to defend your network.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.