Researchers at Kaspersky Lab have released a CrySis ransomware decryptor that will allow the recovery of files encrypted by CrySis ransomware versions 2 and 3 without victims having to pay a ransom. Rather than release a separate CrySis ransomware decryptor, Kaspersky Lab incorporated the master decryption keys into the Rakhni decryptor, which is available for download from the No More Ransom website.
The master decryption keys were made public on Sunday by an individual who is believed to be one of the hackers involved in the development of CrySis ransomware. The master keys were uploaded to a forum on BleepingComputer.com by an anonymous poster with the username crss7777. The post included a link to Pastebin where a header file could be downloaded. The header file – written in C – contained the master decryption keys for CrySis along with detailed instructions on how they should be used.
According to BleepingComputer founder Lawrence Abrams, the release of the keys “may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them,” although this is just speculation. It is not known why the decision was taken to release the keys to such a popular ransomware.
CrySis was only released in February this year, yet it has fast become one of the most popular ransomware variants following the cracking of TeslaCrypt.
CrySis can encrypt a wide range of file types on local computers and shared drives. While not as popular as Locky, the ransomware was still used in widespread attacks, mostly in Russia, South and North Korea, Brazil, and Japan, and it accounted for 1.15% of the total global ransomware infections in 2016.
In addition to CrySis, the following ransomware variants have now been cracked and decryptors made available via the No More Ransom Project:
- Bitman (TeslaCrypt) versions 3 and 4
- CryptXXX (Versions 1 and 2)