- July 11, 2016 at 5:32 am #565 MFixer (Guest)
About CryptXXX Virus
The very first version of CryptXXX was seen in the wild in April of 2016. It affects almost all versions of Windows, including Windows XP, Vista, 7, 8, and the most recent Windows 10. Once executed, this virus scans all drives and looks for targeted files. When it finds them, CryptXXX encrypts these files using a strong encryption method called RSA4096. It appends the .crypt extension to infected files. So, if the target file is Sample.doc, the infected version will be Sample.doc.crypt.
Kaspersky cracked the first version and, to help victims, the company released the first CryptXXX decryption tool. It was called RannohDecryptor.
By mid-May 2016, the first major update of CryptXXX foiled the decryption tool. This time, the cyber criminals made it much harder to access the file system. This CryptXXX version 2 ransomware was able to lock the screen and display an alarming message on the desktop.
Consequently, Kaspersky’s RannohDecryptor was able to decode the updated ransomware right away. The company announced an updated CryptXXX file decryptor tool that is successful in recovering files affected by the second upgrade of CryptXXX.
In early June 2016, CryptXXX version 3 was released. This version appends the .crypz extension to files. The ransom payment for this one is 2.4 Bitcoins, or around US$1,000 at the current rate.
On the 21st of June, 2016, another version of CryptXXX showed a new evolution. It now appends a random five-character extension to encrypted files. It is random in the sense that each victim will see a distinct file extension. If CryptXXX uses the .BA2D5 extension on the first victim, another victim may see .AD9E1 as the appended file extension.
Notable CryptXXX encrypted file extensions:
.[random 5 characters]
Notable CryptXXX ransom note files:
[your_id].html
[your_id].bmp
!Recovery_[your_id].bmp
!Recovery_[your_id].html
!Recovery_[your_id].txt
The [your_id] is a unique string assigned as your computer’s identification when making payment for this ransomware.
Download CryptXXX Decryption Tool by Kaspersky
This RannohDecryptor utility by Kaspersky is designed to decrypt files affected by various ransomware, including CryptXXX versions 1 and 2 (.crypt, .crypt1).
Download CryptXXX File Decryptor Tool by Trend Micro
Trend Micro Ransomware File Decryptor can recover files encrypted by various ransomware. This version can be used to totally decrypt files affected by CryptXXX versions 1 and 2. This tool may also partially recover files that are infected with CryptXXX version 3 (.crypt, .crypt1, .crypz, or 5 random characters).
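
Before picking a decryptor it helps to know which variant touched the machine. The following triage sketch is an added example, not part of the original post or of any vendor's tool; it classifies a file listing by the extensions and `!Recovery_` note names given above. The function name `triage`, the `min_hits` threshold, the assumption that the per-victim extension is five uppercase letters or digits (as in .BA2D5 and .AD9E1), and the sample paths are all constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions and version labels as listed in the post above.
FIXED_EXT = {".crypt": "version 1 or 2", ".crypt1": "version 1 or 2",
             ".crypz": "version 3"}
# Assumption: the per-victim extension is 5 uppercase letters/digits,
# like the post's .BA2D5 and .AD9E1 examples.
RAND5_RE = re.compile(r"\.[A-Z0-9]{5}")
NOTE_RE = re.compile(r"!Recovery_.+\.(bmp|html|txt)", re.IGNORECASE)


def triage(paths, min_hits=3):
    """Return (findings, ransom_notes) for an iterable of Windows paths.

    findings maps an appended extension to (file_count, label).
    """
    fixed = defaultdict(int)
    rand5 = defaultdict(set)  # extension -> {(path, original extension)}
    notes = []
    for raw in paths:
        name = PureWindowsPath(raw).name
        suffixes = PureWindowsPath(name).suffixes
        if NOTE_RE.fullmatch(name):
            notes.append(name)
        elif suffixes and suffixes[-1].lower() in FIXED_EXT:
            fixed[suffixes[-1].lower()] += 1
        elif len(suffixes) >= 2 and RAND5_RE.fullmatch(suffixes[-1]):
            rand5[suffixes[-1]].add((raw, suffixes[-2].lower()))
    findings = {ext: (n, FIXED_EXT[ext]) for ext, n in fixed.items()}
    for ext, hits in rand5.items():
        # One suffix stacked on several different file types is the
        # pattern worth flagging; a lone 5-character suffix is not.
        kinds = {orig for _, orig in hits}
        if len(hits) >= min_hits and len(kinds) >= 2:
            findings[ext] = (len(hits), "random five-character variant")
    return findings, notes


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\ann\Documents\Sample.doc.BA2D5",
    r"C:\Users\ann\Documents\budget.xlsx.BA2D5",
    r"C:\Users\ann\Pictures\trip.jpg.BA2D5",
    r"C:\Users\ann\Documents\!Recovery_0A1B2C3D4E5F.txt",
    r"C:\Users\ann\Documents\notes.txt",
    r"D:\old\thesis.doc.crypz",
    r"C:\Users\ann\report.2016.FINAL",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Files labelled "version 1 or 2" are the ones both tools above claim to decrypt; for the other labels only partial recovery with the Trend Micro tool is described.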