cryptxxx ransomware Kaspersky battles back against CryptXXX ransomware

[Reefa]

 

Security experts at Kaspersky have developed a tool that can counteract the ransomware known as CryptXXX. The Russian company has now released the utility as a free download available to anyone who has been affected by the devious piece of malware.

 

First discovered earlier this month, CryptXXX presents certain advances over the strategies we’ve come to expect from ransomware. Like most attacks of this kind, it encrypts the files on your computer using the .crypt extension, at which point the targeted user is prompted to pay a sum of $500 in Bitcoin in order to regain access.

 

However, unlike other pieces of ransomware, CryptXXX also encrypts files that happen to be on any attached data storage devices. It also rifles through your hard drive for sensitive data, as well as hoovering up any Bitcoin funds that you might have left unprotected.

 

Previously, the attack would leave the targeted computer incapable of doing anything but displaying the ransom message. However, Kaspersky has updated its RannohDecrypter tool to be able to handle CryptXXX as well as Rannoh, the similar form of ransomware that it was originally designed to combat.

 

However, the utility does require something from the user — a single non-encrypted version of a file that was locked away by CryptXXX. So long as there’s a backup of such a file available, then the victim can download Kaspersky’s RannohDecrypter tool from here and follow the associated instructions to regain control of their system.

 

CryptXXX has met its match for now, but Kaspersky’s John Snow warns that hackers might soon find ways to work around RannohDecrypter, according to a report from ZDNet. According to Snow, the best protection against attacks like this is to perform regular security scans, and to avoid unscrupulous websites and strange links.

 

source

[Sylence]

15 minutes ago, Reefa said:

However, the utility does require something from the user — a single non-encrypted version of a file that was locked away by CryptXXX. So long as there’s a backup of such a file available, then the victim can download Kaspersky’s RannohDecrypter tool from here and follow the associated instructions to regain control of their system.

 

 

so it means that for example if 3 files were encrypted by that ransomware, only one of the 3 files is required for Kaspersky’s RannohDecrypter to work successfully?