Site icon Emsisoft | Cybersecurity Blog

Free decryption keys for CryptXXX Ransomware

blog_main_cryptxxx

BleepingComputer has long been working on helping users effected by CryptXXX Ransomware. This week, they published an article uncovering a bug on the CryptXXX ransomware’s payment server where victims are logging in and receiving their decryption key for free.

Free Decryption Key

These free keys are only being offered for certain versions of CryptXXX, namely those that add the .Crpyz and .Cryp1 extensions to encrypted files.

Though it is unknown why this is occurring – Bleeping Computer suggest it is a malfunction of the payment server- a detailed list of keys are available.

Keys being offered for free

.CRYPZ EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].txt

Example TOR Url: http://xqraoaoaph4d545r.onion.to
Example TOR Url: http://xqraoaoaph4d545r.onion.cab
Example TOR Url: http://xqraoaoaph4d545r.onion.city

.CRYP1 EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: ![victim_id].html
Ransom Note Name: ![victim_id].html

Example TOR Url: http://eqyo4fbr5okzaysm.onion.to
Example TOR Url: http://eqyo4fbr5okzaysm.onion.cab
Example TOR Url: http://eqyo4fbr5okzaysm.onion.city

Does Not Provide a Free Key

.CRYPT EXTENSION (ULTRADECRYPTER)
Ransom Note Name: [victim_id].html
Ransom Note Name: [victim_id].txt

Example TOR Url: http://klgpco2v6jzpca4z.onion.to
Example TOR Url: http://klgpco2v6jzpca4z.onion.cab
Example TOR Url: http://klgpco2v6jzpca4z.onion.city

.CRYPT EXTENSION (GOOGLE DECRYPTOR)
Ransom Note name: !Recovery_[victim_id].html
Ransom Note name: !Recovery_[victim_id].txt

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.to
Example TOR Url: http://2zqnpdpslpnsqzbw.onion.cab
Example TOR Url: http://2zqnpdpslpnsqzbw.onion.city

RANDOM EXTENSION (ULTRADECRYPTOR)
Ransom Note Name: @[victim_id].html
Ransom Note Name: @[victim_id].txt

Example TOR Url: 2mpsasnbq5lwi37r.onion.to
Example TOR Url: 2mpsasnbq5lwi37r.onion.cab
Example TOR Url: 2mpsasnbq5lwi37r.onion.city

NO EXTENSION (MICROSOFT DECRYPTOR)
Ransom Note Name: README.html
Ransom Note Name: README.txt

Example TOR Url: http://ccjlwb22w6c22p2k.onion.to
Example TOR Url: http://ccjlwb22w6c22p2k.onion.city

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial

Have a great (ransomware-free) day!

Exit mobile version