{"id":8168,"date":"2016-12-20T09:59:11","date_gmt":"2016-12-20T09:59:11","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/?p=8168"},"modified":"2019-11-22T10:08:14","modified_gmt":"2019-11-22T10:08:14","slug":"cryptxxx-v3-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/cryptxxx-v3-ransomware\/8168\/","title":{"rendered":"Decrypting CryptXXX version 3 \u2014 for free"},"content":{"rendered":"

In April 2016 a young and ambitious trojan cryptor known by the name CryptXXX was released. It was distributed by the infamous Angler and Neutrino exploit kits. It\u2019s creators certainly hoped that after the release they could chill on the sofa and watch the money pour in from their victims pockets. But things did not go the way they had expected.<\/p>\n

A few days after the CryptXXX trojan was discovered<\/a>, experts from Kaspersky Lab found a mistake in CryptXXX file encryption algorithms and thus were able to create a cure<\/a>. A free utility called Rannoh decryptor could be used to decrypt files, encrypted by CryptXXX.<\/p>\n

The criminals had to get up from their comfortable couch and start working to fix the bug. So they started distributing a new version, but it took our experts just a few days more to develop a cure for the second version of CryptXXX<\/a>. Rannoh decryptor was updated \u2014 and the Trojan\u2019s victims could once again decrypt their files without paying ransom.<\/p>\n

\n

#CryptXXX<\/a> v2 can now be decrypted with our decryptor #noransom<\/a> #ransomware<\/a> #infosec<\/a> https:\/\/t.co\/XJZGaQK0E7<\/a> pic.twitter.com\/3D1SmdiCeM<\/a><\/p>\n

\u2014 Kaspersky (@kaspersky) May 13, 2016<\/a><\/p><\/blockquote>\n