Tuesday, August 23, 2016

Free decryption keys for CryptXXX Ransomware



BleepingComputer has long been working on helping users affected by CryptXXX ransomware. This week, they published an article uncovering a bug on the CryptXXX ransomware's payment server: victims who log in are receiving their decryption key for free.


Free Decryption Key



These free keys are only being offered for certain versions of CryptXXX, namely those that add the .Crypz and .Cryp1 extensions to encrypted files.


It is unknown why this is occurring, though BleepingComputer suggests it is a malfunction of the payment server. A detailed list of keys is available.


Keys being offered for free


.CRYPZ EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: ![victim_id].html

Ransom Note Name: ![victim_id].txt


Example TOR Url: http://xqraoaoaph4d545r.onion.to

Example TOR Url: http://xqraoaoaph4d545r.onion.cab

Example TOR Url: http://xqraoaoaph4d545r.onion.city


.CRYP1 EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: ![victim_id].html

Ransom Note Name: ![victim_id].html


Example TOR Url: http://eqyo4fbr5okzaysm.onion.to

Example TOR Url: http://eqyo4fbr5okzaysm.onion.cab

Example TOR Url: http://eqyo4fbr5okzaysm.onion.city


Does Not Provide a Free Key


.CRYPT EXTENSION (ULTRADECRYPTER)

Ransom Note Name: [victim_id].html

Ransom Note Name: [victim_id].txt


Example TOR Url: http://klgpco2v6jzpca4z.onion.to

Example TOR Url: http://klgpco2v6jzpca4z.onion.cab

Example TOR Url: http://klgpco2v6jzpca4z.onion.city


.CRYPT EXTENSION (GOOGLE DECRYPTOR)

Ransom Note name: !Recovery_[victim_id].html

Ransom Note name: !Recovery_[victim_id].txt


Example TOR Url: http://2zqnpdpslpnsqzbw.onion.to

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.cab

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.city


RANDOM EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: @[victim_id].html

Ransom Note Name: @[victim_id].txt


Example TOR Url: 2mpsasnbq5lwi37r.onion.to

Example TOR Url: 2mpsasnbq5lwi37r.onion.cab

Example TOR Url: 2mpsasnbq5lwi37r.onion.city


NO EXTENSION (MICROSOFT DECRYPTOR)

Ransom Note Name: README.html

Ransom Note Name: README.txt


Example TOR Url: http://ccjlwb22w6c22p2k.onion.to

Example TOR Url: http://ccjlwb22w6c22p2k.onion.city
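
For responders triaging an affected machine, the lists above can be applied to a file listing to work out which variant is present and whether the free key applies. This is an added example, not code from BleepingComputer or from the original post; the victim ID format, the `classify` function and the sample listing are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Victim ID format is not given on the page; assumed to be letters and digits.
VID = r"[0-9A-Za-z]+"
NOTE = r"\.(?:html|txt)"  # both note types accepted for every row (assumption)

# (label, ransom note regex, appended extension or None, free key per the page)
# Order matters: the more specific note names come before the looser ones.
VARIANTS = [
    (".crypz (UltraDecryptor)", rf"!{VID}{NOTE}", ".crypz", True),
    (".cryp1 (UltraDecryptor)", rf"!{VID}{NOTE}", ".cryp1", True),
    (".crypt (Google Decryptor)", rf"!Recovery_{VID}{NOTE}", ".crypt", False),
    (".crypt (UltraDeCrypter)", rf"{VID}{NOTE}", ".crypt", False),
    ("random extension (UltraDecryptor)", rf"@{VID}{NOTE}", None, False),
    ("no extension (Microsoft Decryptor)", rf"README{NOTE}", None, False),
]

def classify(paths):
    """Map a file listing to (variant label, free_key, confidence)."""
    names = [PureWindowsPath(p).name for p in paths]
    exts = {PureWindowsPath(n).suffix.lower() for n in names}
    for label, note_re, ext, free in VARIANTS:
        if not any(re.fullmatch(note_re, n) for n in names):
            continue  # no ransom note with this row's naming scheme
        if ext is not None and ext in exts:
            return label, free, "note and extension match"
        if ext is None:
            # README.* is common on clean systems, so a lone match is weak.
            weak = note_re.startswith("README")
            return label, free, ("weak: note name only" if weak else "note name only")
    return None, False, "no match"

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.cryp1",
    r"C:\Users\alice\Documents\!0A1B2C3D4E5F.html",
    r"C:\Users\alice\Documents\index.html",
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A `.crypt` listing is resolved by the note prefix, since both `.crypt` variants share the extension, and a bare `README` match is reported as weak rather than treated as an infection.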


Have a great (ransomware-free) day!


