CrySiS Ransomware Decryption Key Leaked By Anonymous User.
A small victory this week against ever-troublesome ransomware, specifically the CrySiS strain. Ransomware has become one of the largest cyber security threats in the last few years.
There are dozens of strains of ransomware out there, which hold you “ransom” by encrypting your files and making them inaccessible until you pay, usually through an anonymous digital currency like Bitcoin. The ransoms are usually a few hundred dollars, though specifically targeted businesses have paid tens of thousands.
CrySiS, a specific strain of ransomware, had been gaining traction this year, accounting for more than 1% of all infections. That has now come to an end.
The master decryption key, which can be used to decrypt all files affected by CrySiS, was shared by a user on the BleepingComputer.com forums. The user, who went by the name crss7777, shared the keys via a pastebin.com link. Their true identity is unknown, but Lawrence Abrams, founder of BleepingComputer.com, suggests that they may have been one of the developers of CrySiS.
This is not the first time a master key has been released. Earlier this year, the key for TeslaCrypt, which had become one of the most prevalent types of ransomware, was released by its own developers.
Ransomware has been so successful for two reasons: it’s technologically sound, and the majority of distributors follow through on their promise of unlocking files after receiving payment.
Many ransomware programs use the same technology that security products use to protect your information. The CrySiS ransomware uses RSA encryption – which is the most widely used encryption system in SSL/TLS.
There are millions of computers infected by ransomware worldwide. Until the encryption methods underlying a specific strain of ransomware are defeated, there is usually no solution (besides paying the ransom) because the files themselves have been altered by encryption.
Some ransomware strains have been found to use very basic encryption methods, which could be defeated with reverse engineering. But the most widely spread versions use strong encryption systems that cannot be brute-forced or reverse engineered. In these cases, getting the decryption key is the only solution.
A group of companies, including Kaspersky and Amazon, has come together to create the No More Ransom Project, which advocates against paying any ransoms. Ransomware has become one of the biggest threats in cyber security in just a few years, and everyone is a target – including individuals, hospitals, and police departments. As long as ransomware is financially lucrative, this trend will continue.
Less than 48 hours after CrySiS’ master key was posted, decryptor tools, which return files to their original state, had been updated to support decrypting files affected by CrySiS.
Kaspersky’s Rakhni Decryptor tool can be downloaded for free and ‘unlocks’ files affected by more than a dozen types of ransomware, including CrySiS.