If you are one of the people whose data was locked by the CryptXXX ransomware, you might be lucky enough to recover your files for free.
Earlier today, users visiting the Tor-based payment sites of the CryptXXX ransomware discovered that after logging in with their ID, instead of receiving decryption instructions, they received the actual decryption key, for free, without doing anything.
This didn't happen for all users, but only for CryptXXX ransomware variants that append the .crypz and .cryp1 extensions to the files they encrypt.
Glitch or intentional?
In May, the crooks behind the TeslaCrypt ransomware decided to close shop and provided a master key to recover the files of all infected users. CryptXXX does not use a master key, but a different private key for each user, so there's no universal magic key that can unlock the files of all CryptXXX users in one go.
It is currently unknown if the leakage of these keys was done intentionally by CryptXXX's authors, or is a server glitch.
Our bet is with the second option since CryptXXX has been plagued by several encryption routine problems that allowed Kaspersky experts to create decrypters for older versions of the ransomware.
Read more: CryptXXX Devs Provide Free Decryption Keys for Some Ransomware Versions
Keys being offered for free
.Crypz Extension (UltraDecryptor)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].txt
.Cryp1 Extension (UltraDecryptor)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].html
Keys NOT being offered for free
.Crypt Extension (UltraDeCrypter)
Ransom Note Name: [victim_id].html
Ransom Note Name: [victim_id].txt
.Crypt Extension (Google Decryptor)
Ransom Note Name: !Recovery_[victim_id].html
Ransom Note Name: !Recovery_[victim_id].txt
Random Extension (UltraDecryptor)
Ransom Note Name: @[victim_id].html
Ransom Note Name: @[victim_id].txt
No extension (Microsoft Decryptor)
Ransom Note Name: README.html
Ransom Note Name: README.txt
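
The identification list above, expressed as a triage check over a file listing taken from an affected machine. This is an added example, not part of the original post: the function name, the victim-ID pattern and the sample paths are assumptions, and the no-extension variant is omitted because README.html/README.txt alone is not a distinctive indicator.

```python
import ntpath  # parses Windows-style paths on any OS
import re
from collections import Counter

# Rows follow the list in the post:
# (ransom-note regex, encrypted-file extension or None for "random", label, keys free)
# The victim-ID format is not given there; "[^.]+" (no dots) is an assumption.
NOTE = r"[^.]+\.(html|txt)$"
VARIANTS = [
    (r"^!Recovery_" + NOTE, ".crypt", ".Crypt (Google Decryptor)", False),
    (r"^@" + NOTE, None, "Random extension (UltraDecryptor)", False),
    (r"^!(?!Recovery_)" + NOTE, ".crypz", ".Crypz (UltraDecryptor)", True),
    (r"^!(?!Recovery_)" + NOTE, ".cryp1", ".Cryp1 (UltraDecryptor)", True),
    (r"^(?![!@])" + NOTE, ".crypt", ".Crypt (UltraDeCrypter)", False),
]


def classify(paths):
    """Return the first variant whose note name and extension both appear, else None."""
    names = [ntpath.basename(p) for p in paths]
    exts = Counter(ntpath.splitext(n)[1].lower() for n in names)
    for pattern, ext, label, free in VARIANTS:
        notes = sorted({n for n in names if re.match(pattern, n, re.IGNORECASE)})
        if not notes:
            continue
        if ext is not None and exts[ext] == 0:
            # A note-like name alone (e.g. index.html) is not enough evidence.
            continue
        return {"variant": label, "keys_offered_free": free, "notes": notes}
    return None


# Constructed sample listing (hypothetical paths and victim ID).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.crypz",
    r"C:\Users\alice\Documents\!1A2B3C4D5E6F.html",
    r"C:\Users\alice\Documents\!1A2B3C4D5E6F.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.crypz",
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A `None` result only means the listing does not match the note names and extensions in this post.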