Kaspersky updates RannohDecryptor to decrypt CryptXXX's Crypt, Cryp1, and Crypz Extensions

Discussion in 'Ransomware Decrypters' started by starbuck, Dec 20, 2016.

    If you are a CryptXXX Ransomware victim who didn't pay the ransom and instead decided to store their encrypted files and ransom notes for future fixes then you are in luck.

    Today, Kaspersky announced that they have updated their RannohDecryptor utility to decrypt CryptXXX encrypted files that have the .crypt, .cryp1, and .crypz extension.

    We have been monitoring CryptXXX since it was released in April 2016 and it has become one of the most widely reported ransomware families in our forums.
    Kaspersky has seen this as well, with their customers having been attacked by CryptXXX at least 80,000 times since April 2016.
    According to a press release by Kaspersky, more than half were found in six countries: US, Russia, Germany, Japan, India and Canada.

    Though Kaspersky was able to retrieve many of the decryption keys for the CryptXXX ransomware, not all of them were recovered.
    This means that even if you have a supported variant of CryptXXX, there is no guarantee that the decryptor will be able to decrypt your files.
    If you are affected by the .crypt, .cryp1 and .crypz variants it is definitely worth giving this tool a try.

    How to use RannohDecryptor to decrypt CryptXXX Files

    To use RannohDecryptor to decrypt compatible CryptXXX encrypted files, you need to download it from Kaspersky's site.
    Once it is downloaded, extract the ZIP file and double-click on the RannohDecryptor.exe executable.
    This will launch the main screen as shown below.

    To check to see if your files can be decrypted, click on the Start scan button and you will be prompted to select an encrypted file.

    Select an encrypted .crypt, .cryp1 or .crypz file and then press the Open button.
    RannohDecryptor will now ask you to select a ransom note.

    At the above screen, click on the OK button and you will be prompted to select a ransom note.
    When CryptXXX infects a victim's computer it creates both a .txt and .html ransom note file in the same folder as encrypted files.
    When I tested RannohDecryptor against CryptXXX, I found that it did a better job retrieving your unique ID from the text files rather than the HTML Files.
    Therefore, I recommend you select the TXT ransom note.

    Once you have selected the ransom note, the decryptor will check if it has a decryption key that can be used for your files.
    If it does not, it will state that it cannot decrypt your files.
    Otherwise, it will begin searching your computer for encrypted files to decrypt.

    This scan and decryption process can take quite a while, so please be patient.
    While it runs, you can click on the Report button to see the status of the decryption as shown below.

    When the program has finished decrypting the computer, you can review the log and then close the program.
    Your files should now be decrypted and usable in your programs.


    Source:
    Lawrence Abrams
    https://www.bleepingcomputer.com/ne...t-cryptxxxs-crypt-cryp1-and-crypz-extensions/
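
Added example, not part of the original post or of Kaspersky's tool: a small Python inventory that finds folders holding .crypt, .cryp1 or .crypz files and picks one encrypted file plus a ransom note (TXT preferred, as the post recommends) to hand to the decryptor. It assumes any unencrypted .txt or .html file sitting beside encrypted files is a ransom note candidate, since the post does not give the note's filename; the sample tree and its file names are constructed.

```python
import os
import tempfile
from collections import defaultdict

# Extensions the post lists as supported by the updated RannohDecryptor.
ENCRYPTED_EXTS = {".crypt", ".cryp1", ".crypz"}
# Note types the post says CryptXXX drops; TXT comes first, as the post recommends.
NOTE_EXTS = (".txt", ".html")

def inventory(root):
    """Map each folder holding encrypted files to its encrypted files and note candidates."""
    found = defaultdict(lambda: {"encrypted": [], "notes": []})
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower()
            if ext in ENCRYPTED_EXTS:
                found[folder]["encrypted"].append(name)
            elif ext in NOTE_EXTS:
                # Assumption: a plain .txt/.html beside encrypted files is a note candidate.
                found[folder]["notes"].append(name)
    report = {}
    for folder, entry in found.items():
        if entry["encrypted"]:  # skip folders that only contain ordinary text files
            entry["notes"].sort(key=lambda n: NOTE_EXTS.index(os.path.splitext(n)[1].lower()))
            report[folder] = entry
    return report

def pick_pair(report):
    """Return one (encrypted file, note) pair, preferring a folder that has a TXT note."""
    fallback = None
    for folder in sorted(report):
        entry = report[folder]
        if not entry["notes"]:
            continue
        pair = (os.path.join(folder, entry["encrypted"][0]),
                os.path.join(folder, entry["notes"][0]))
        if pair[1].lower().endswith(".txt"):
            return pair
        fallback = fallback or pair
    return fallback  # None when no folder has a note at all

def build_sample_tree():
    """Create a constructed sample tree of empty files in a temp directory."""
    root = tempfile.mkdtemp()
    for rel in ("docs/report.docx.crypt", "docs/note.html", "docs/note.txt",
                "pics/a.jpg.CRYPZ", "pics/readme.html", "clean/todo.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    print(pick_pair(inventory(build_sample_tree())))
```

The script only reads directory listings, so it can be run against a copy of the affected folders before any decryption attempt.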