Eset Releases Free Ransomware Decryptor
http://www.infosecurity-magazine.com/new...ases-free/  
22 Nov 2016 News
Crysis Averted: Eset Releases Free Ransomware Decryptor
Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine


Victims of the Crysis ransomware now have a get out of jail free card after security vendor Eset announced a free decryptor tool.

Crysis first broke onto the scene in June after competitor TeslaCrypt apparently ceased operations and tens of thousands of users began downloading the free decryptor for it.

Detected as Win32/Filecoder.Crysis, the ransomware was able to encrypt files on fixed, removable and network drives using strong encryption algorithms, according to Eset.

“During our research we have seen different approaches to how the malware is spread. In most cases, Crysis ransomware files were distributed as attachments to spam emails, using double file extensions. Using this simple – yet effective – technique, executable files appear as non-executable,” Eset’s security evangelist, Ondrej Kubovic, wrote at the time.

“Another vector used by the attackers has been disguising malicious files as harmless looking installers for various legitimate applications, which they have been distributing via various online locations and shared networks.”

Crysis also achieved persistence by setting registry entries to be executed at every system start.

Eset prepared the free decryptor tool after a user known as ‘crss7777’ dumped the master decryption keys last week in a post on the BleepingComputer.com forums.

“Though the identity of ‘crss7777’ is not currently known, the intimate knowledge they have regarding the structure of the master decryption keys and the fact that they released the keys as a C header file indicates that they may be one of the developers of the CrySiS ransomware,” wrote the site’s owner Lawrence Abrams at the time.

“Why the keys were released is also unknown, but it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them.”

Russian AV firm Kaspersky Lab has also updated its RakhniDecryptor program so it now works for victims of the Crysis ransomware.