
New Decryption Tool Available for Cry128 Strain of CryptON Ransomware Family

Discussion in 'Ransomware Decrypters' started by starbuck, May 3, 2017.

  1. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,776
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    A new tool against ransomware available for free


    The war against ransomware can claim another won battle as a new decrypter has been released for free by Emsisoft.
    This time, the decrypter works on the Cry128 strain from the CryptON ransomware family.

    Strains from the CryptON ransomware, such as the X3M and Nemesis, started popping up here and there back in December of last year.
    Security researchers claim they are all put together using the same builder, which is the software application that automates the process of customizing a malware executable.
    The Cry128 strain that can now be decrypted with this free tool began appearing on April 22, 2017, so it's rather fresh.

    How does Cry128 work?

    Emsisoft researchers state that the CryptON ransomware family generally infects systems via remote desktop service brute force attacks, which allow them to log into the victim's server and execute the ransomware.

    "Once the criminals have access, the malware will delete the system’s recovery points so shadow copies cannot be used to recover the files once encrypted.
    Since Cry128 does not contain an extension list, it will encrypt all file types on the machine.
    It does, however, exclude C:\Windows, C:\Program Files and the user profile folder from the encryption operation, so that boot operation and other critical processes are not impacted," the company mentions.

    The Cry128 strain relies on a modified AES version working on 128 byte blocks and with 1024 bit keys in ECB mode.
    Once the malware encrypts a file, the file appears to be 16 bytes larger than the original.

    The Cry128 ransomware uses a payment portal that's hosted on Tor and tor2web links.

    If you've fallen victim to this ransomware, don't despair and don't pay the fees requested from you.
    The decrypter is available for free download from Emsisoft's site, although we do advise people to go through the removal guide first.


    Source:
    http://news.softpedia.com/news/new-...ain-of-crypton-ransomware-family-515363.shtml
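
    The article says the CryptON family gets in through remote desktop brute force and that the ransomware is run by hand once the criminals have a session, so the check a defender wants from it is a detector for a burst of failed RDP logons from one address followed by a success. The block below is an added example, not code from the forum post, the Softpedia article or Emsisoft. It assumes a constructed one-event-per-line log layout (timestamp, event ID, user=, src=, type=) and constructed sample lines; the event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows Security values.

```python
"""Flag RDP brute-force-then-success patterns in Windows Security events.

Added example, not code from the forum post or from Emsisoft. It assumes a
constructed one-event-per-line format:
    <ISO timestamp> <event id> user=<name> src=<ip> type=<logon type>
Event IDs 4625 (failed logon) / 4624 (successful logon) and logon type 10
(RemoteInteractive, i.e. RDP) are the real Windows Security values.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10  # RemoteInteractive; network (type 3) logons are ignored here

# Constructed sample events: a password-guessing burst from one address that
# ends in a successful logon, type 3 (network) failures from a second address
# that are not RDP and so are ignored, and a normal user mistyping once.
SAMPLE_LOG = """\
2017-04-22T03:10:01 4625 user=administrator src=203.0.113.45 type=10
2017-04-22T03:10:02 4625 user=administrator src=203.0.113.45 type=10
2017-04-22T03:10:03 4625 user=admin src=203.0.113.45 type=10
2017-04-22T03:10:04 4625 user=admin src=203.0.113.45 type=10
2017-04-22T03:10:05 4625 user=administrator src=203.0.113.45 type=10
2017-04-22T03:10:06 4625 user=administrator src=203.0.113.45 type=10
2017-04-22T03:10:20 4624 user=administrator src=203.0.113.45 type=10
2017-04-22T08:00:00 4625 user=svc src=198.51.100.7 type=3
2017-04-22T08:00:01 4625 user=svc src=198.51.100.7 type=3
2017-04-22T08:00:02 4625 user=svc src=198.51.100.7 type=3
2017-04-22T08:00:03 4625 user=svc src=198.51.100.7 type=3
2017-04-22T08:00:04 4625 user=svc src=198.51.100.7 type=3
2017-04-22T09:00:00 4624 user=alice src=192.0.2.10 type=10
2017-04-22T09:05:00 4625 user=alice src=192.0.2.10 type=10
"""


def parse_event(line):
    """Parse one constructed log line into a dict."""
    ts, event_id, user, src, logon_type = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "user": user.split("=", 1)[1],
        "src": src.split("=", 1)[1],
        "logon_type": int(logon_type.split("=", 1)[1]),
    }


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source IP that produced `threshold` or more failed
    RDP logons inside `window`; a later RDP success from that source while
    failures are still inside the window is recorded on the alert."""
    events = sorted(
        (parse_event(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    recent = defaultdict(list)   # src -> failure timestamps inside the window
    total = Counter()            # src -> all failures seen from that source
    users = defaultdict(set)     # src -> account names tried
    alerts = {}                  # src -> alert dict (one per source)
    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue
        src = e["src"]
        # slide the window: keep only failures that are still recent
        recent[src] = [t for t in recent[src] if e["ts"] - t <= window]
        if e["event_id"] == FAILED_LOGON:
            recent[src].append(e["ts"])
            total[src] += 1
            users[src].add(e["user"])
            if len(recent[src]) >= threshold and src not in alerts:
                alerts[src] = {"src": src, "first_failure": recent[src][0],
                               "failures": 0, "users": [], "success": None}
            if src in alerts:
                alerts[src]["failures"] = total[src]
                alerts[src]["users"] = sorted(users[src])
        elif e["event_id"] == SUCCESS_LOGON:
            # A success right after the burst is the signal that matters most:
            # the guessing worked and there is now an interactive session.
            if src in alerts and recent[src] and alerts[src]["success"] is None:
                alerts[src]["success"] = (e["user"], e["ts"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

    The threshold and window are assumptions to tune against your own logon volume. The alert with a recorded success is the one to act on first: by the article's description, that session is where the recovery points get deleted and the ransomware is launched, so responding there, rather than after the encryption finishes, is what preserves the shadow copies.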
  2. Seth Anthony

    Seth Anthony Registered Members

    Joined:
    Mar 31, 2017
    Messages:
    1,444
    Operating System:
    Linux Based
    Computer Brand or Motherboard:
    Altaire 8800
    CPU:
    Modified Texas Instruments calculator
    Memory:
    2 transistor tubes
    Hard Drive:
    pen and paper
    Graphics Card:
    TV ready
    Power Supply:
    Mouse on a wheel
    I got a call today from a potential customer that has a Crypto variant. It will be an old variant as she hasn't used the computer in a year. She got infected by opening the scam "invoice" email.

    Fortunately she has some of her pictures backed up to a disc, so I might be able to use a decryption tool in conjunction with a clean picture file for comparison.

    Has anyone had any success with a decryption tool?
  3. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Hi Seth,

    It would depend on the extension that's been added to the files.
    There are so many variants now.
    Some decryptors work well... some are a bit hit and miss.
  4. Seth Anthony

    Seth Anthony Registered Members

    When I first looked into it, I couldn't believe how many decryptors were out there for all the variants.

    If I do happen to get that computer, I'll post the results.
  5. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    That would be a help, then we'll know if there's a decryptor for that extension.
  6. Seth Anthony

    Seth Anthony Registered Members

    allheart55 (Cindy E) likes this.
  7. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    4,807
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    What's the catch?
  8. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    I haven't personally tried the program but I have read some good reports on it.
    Anything that helps with Ransomware has to be good.
  9. Seth Anthony

    Seth Anthony Registered Members

    No catch that I'm aware of, but I suspect that if it becomes popular, there will be a fee.

    I heard of it from some techs on another forum.