Free decryption keys for CryptXXX Ransomware
BleepingComputer has long been working on helping users affected by CryptXXX Ransomware. This week, they published an article uncovering a bug on the CryptXXX ransomware’s payment server that lets victims log in and receive their decryption key for free.
Free Decryption Key
These free keys are only being offered for certain versions of CryptXXX, namely those that add the .Crypz and .Cryp1 extensions to encrypted files.
It is unknown why this is occurring, though BleepingComputer suggests it is a malfunction of the payment server. A detailed list of keys is available.
Keys being offered for free
.CRYPZ EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].txt
Example TOR Url: //xqraoaoaph4d545r.onion.to
Example TOR Url: //xqraoaoaph4d545r.onion.cab
Example TOR Url: //xqraoaoaph4d545r.onion.city
.CRYP1 EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: ![victim_id].html
Example TOR Url: //eqyo4fbr5okzaysm.onion.to
Example TOR Url: //eqyo4fbr5okzaysm.onion.cab
Example TOR Url: //eqyo4fbr5okzaysm.onion.city
Does Not Provide a Free Key
.CRYPT EXTENSION (ULTRADECRYPTER)
Ransom Note Name: [victim_id].html
Ransom Note Name: [victim_id].txt
Example TOR Url: //klgpco2v6jzpca4z.onion.to
Example TOR Url: //klgpco2v6jzpca4z.onion.cab
Example TOR Url: //klgpco2v6jzpca4z.onion.city
.CRYPT EXTENSION (GOOGLE DECRYPTOR)
Ransom Note Name: !Recovery_[victim_id].html
Ransom Note Name: !Recovery_[victim_id].txt
Example TOR Url: //2zqnpdpslpnsqzbw.onion.to
Example TOR Url: //2zqnpdpslpnsqzbw.onion.cab
Example TOR Url: //2zqnpdpslpnsqzbw.onion.city
RANDOM EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: @[victim_id].html
Ransom Note Name: @[victim_id].txt
Example TOR Url: 2mpsasnbq5lwi37r.onion.to
Example TOR Url: 2mpsasnbq5lwi37r.onion.cab
Example TOR Url: 2mpsasnbq5lwi37r.onion.city
NO EXTENSION (MICROSOFT DECRYPTOR)
Ransom Note Name: README.html
Ransom Note Name: README.txt
Example TOR Url: //ccjlwb22w6c22p2k.onion.to
Example TOR Url: //ccjlwb22w6c22p2k.onion.city
Have a great (ransomware-free) day!