Today, Kaspersky Lab has released an updated version of the RannohDecryptor ransomware decryption toolkit that can also handle CryptXXX infections.
CryptXXX is one of the most recently discovered ransomware variants that have surfaced in the past week. The ransomware works just like any other piece of crypto-ransomware we've seen on the market in the last few months, but this is not the most dangerous detail about its mode of operation.
According to Proofpoint researchers, the ransomware is distributed by a well-oiled cyber-crime machine that has also distributed in the past malware such as the Reventon ransomware and the Bedep clickfraud malware.
Besides encrypting files, the ransomware also collects a lot of personal information from infected computers and even tries to steal Bitcoin from cryptocurrency wallets.
Nevertheless, Kaspersky researchers were able to find a weak point in the ransomware's operations and have adapted their RannohDecryptor to handle this new threat.
In order to discover the encryption key that CryptXXX used to lock the victim's files, users need to have an unencrypted copy of an encrypted file, so the decrypter can compare the two.
After RannohDecryptor obtains the decryption key, users only need to tweak the application's settings for their local PC setup and run it to start decrypting files.
Depending on the number of files CryptXXX locked, it will take a few hours to decrypt all your data, so give it some time. Furthermore, the decrypter only unlocks your files, and you'll still need an antivirus with malware removal capabilities to delete any remnants of CryptXXX from your system.
