1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

CrySis Ransomware Master Decryption Keys Released

Discussion in 'Ransomware Decrypters' started by starbuck, Nov 14, 2016.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    4f2ed9651d3386bea2029198ec8b401f.jpg

    The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public.

    Researchers at Kaspersky Lab said they have already folded the keys into the company’s Rakhni decryptor and victims of CrySis versions 2 and 3 now have a means of recovering their lost files.

    The key was posted at 1 a.m. Eastern time to the BleepingComputer.com forums by a user known only as crss7777, said founder Lawrence Abrams.
    Abrams speculates that it could have been the ransomware developer who posted the key on the site’s CrySis support forum page; the post included a Pastebin link to a header file written in C that contains the master decryption keys and instructions on how to use them.
    Though the identity of crss7777 is not currently known, the intimate knowledge they have regarding the structure of the master decryption keys and the fact that they released the keys as a C header file indicates that they may be one of the developers of the CrySiS ransomware,” Abrams said.
    Why the keys were released is also unknown, but it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them.”

    CrySis surfaced in February after a report by researchers at Eset said the ransomware was quickly gaining favor from hackers after the decryption of TeslaCrypt ransomware.
    CrySis spread via email attachments with double file extensions or through links in spam messages.
    It was also found lurking in Trojanized versions of freely available software such as compression programs like WinRAR.
    Like most ransomware, it could encrypt a large number of file types and sought to encrypt data stored on shared drives.
    Documents encrypted by CrySis have their filenames changed to include a .xtbl extension and an email address, similar to [filename].id-[id].[email_address].xtbl, BleepingComputer said.
    Kaspersky researchers said CrySis accounted for 1.15 percent of ransomware infections this year, with most of the victims found in Russia, Japan, South and North Korea, and Brazil.
    A number of virulent ransomware families have been extinguished this year, including CryptXXX, TeslaCrypt, Chimera, Jigsaw and others.


    Source:
    https://threatpost.com/crysis-ransomware-master-decryption-keys-released/121942/
     

Share This Page