Free decryption keys for CryptXXX Ransomware

  • July 20, 2016

BleepingComputer has long been working on helping users affected by CryptXXX Ransomware. This week, they published an article uncovering a bug on the CryptXXX ransomware's payment server where victims are logging in and receiving their decryption key for free.

Free Decryption Key

These free keys are only being offered for certain versions of CryptXXX, namely those that add the .Crypz and .Cryp1 extensions to encrypted files.

It is unknown why this is occurring (Bleeping Computer suggests it is a malfunction of the payment server), but a detailed list of keys is available.

Keys being offered for free

.CRYPZ EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].txt

Example TOR Url: http://xqraoaoaph4d545r.onion.to
Example TOR Url: http://xqraoaoaph4d545r.onion.cab
Example TOR Url: http://xqraoaoaph4d545r.onion.city

.CRYP1 EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].html

Example TOR Url: http://eqyo4fbr5okzaysm.onion.to
Example TOR Url: http://eqyo4fbr5okzaysm.onion.cab
Example TOR Url: http://eqyo4fbr5okzaysm.onion.city

Does Not Provide a Free Key

.CRYPT EXTENSION (ULTRADECRYPTER)
Ransom Note Name: [victim_id].html
Ransom Note Name: [victim_id].txt

Example TOR Url: http://klgpco2v6jzpca4z.onion.to
Example TOR Url: http://klgpco2v6jzpca4z.onion.cab
Example TOR Url: http://klgpco2v6jzpca4z.onion.city

.CRYPT EXTENSION (GOOGLE DECRYPTOR)
Ransom Note name: !Recovery_[victim_id].html
Ransom Note name: !Recovery_[victim_id].txt

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.to
Example TOR Url: http://2zqnpdpslpnsqzbw.onion.cab
Example TOR Url: http://2zqnpdpslpnsqzbw.onion.city

RANDOM EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: @[victim_id].html
Ransom Note Name: @[victim_id].txt

Example TOR Url: 2mpsasnbq5lwi37r.onion.to
Example TOR Url: 2mpsasnbq5lwi37r.onion.cab
Example TOR Url: 2mpsasnbq5lwi37r.onion.city

NO EXTENSION (MICROSOFT DECRYPTOR)
Ransom Note Name: README.html
Ransom Note Name: README.txt

Example TOR Url: http://ccjlwb22w6c22p2k.onion.to
Example TOR Url: http://ccjlwb22w6c22p2k.onion.city

Have a great (ransomware-free) day!

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so-called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware.