{"id":3189,"date":"2016-11-14T20:34:21","date_gmt":"2016-11-14T20:34:21","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=3189"},"modified":"2016-11-29T07:42:53","modified_gmt":"2016-11-29T12:42:53","slug":"crysis-ransomware-master-key-released","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/crysis-ransomware-master-key-released\/","title":{"rendered":"CrySiS Ransomware Strain Defeated After Master Key Released"},"content":{"rendered":"<h2>CrySiS Ransomware Decryption Key Leaked By Anonymous User.<\/h2>\n<p>A small victory this week against the ever-troublesome ransomware software, specifically CrySiS Ransomware, which has become one of the largest cyber security threats in the last few years.<\/p>\n<p>There are dozens of strains of ransomware out there, which hold you \u201cransom\u201d by encrypting your files and making them inaccessible until you pay, usually through an anonymous digital currency like Bitcoin. The ransoms are usually a few hundred dollars, though specifically targeted businesses have paid tens of thousands.<\/p>\n<p>CrySiS, a specific strain of ransomware, had been <a href=\"http:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/crysis-to-take-over-teslacrypt\" rel=\"nofollow\">gaining traction this year<\/a>, accounting for more than 1% of all infections. That has now come to an end.<\/p>\n<p>The master decryption key, which can be used to decrypt all files affected by CrySiS, was shared by a user on the <a href=\"http:\/\/www.bleepingcomputer.com\/news\/security\/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-\/\" rel=\"nofollow\">BleepingComputer.com<\/a> forums. The user, who went by the name <strong>crss7777<\/strong>, shared the keys via a pastebin.com link. Their true identity is unknown, but Lawrence Abrams, founder of BleepingComputer.com, suggests that they may have been one of the developers of CrySiS.<\/p>\n<p>This is not the first time a master key has been released. Earlier this year, the key for TeslaCrypt, which had become one of the most prevalent types of ransomware, <a href=\"http:\/\/www.bleepingcomputer.com\/news\/security\/teslacrypt-shuts-down-and-releases-master-decryption-key\/\" rel=\"nofollow\">was released by its own developers<\/a>.<\/p>\n<p>Ransomware has been so successful for two reasons: it\u2019s technologically sound, and the majority of distributors follow through on their promise of unlocking files after receiving payment.<\/p>\n<p>Many ransomware programs use the same technology that security products use to protect your information. The Crysis ransomware uses RSA encryption \u2013 which is the most widely used encryption system in SSL\/TLS.<\/p>\n<p>There are millions of computers infected by ransomware worldwide. Until the encryption methods underlying a specific strain of ransomware is defeated, there is usually no solution (besides paying the ransom) because the files themselves have been altered by encryption.<\/p>\n<p>Some ransomware strains have been found to use very basic encryption methods, which could be defeated with reverse engineering. But the most widely spread versions use strong encryption systems that cannot be brute-forced or reverse engineered. In these cases, getting the decryption key is the only solution.<\/p>\n<p>A group of companies, including Kapersky and Amazon, have come together to create the <a href=\"https:\/\/www.nomoreransom.org\">No More Ransom Project<\/a>, which advocates against paying any ransoms. Ransomware has become one of the biggest threats in cyber security in just a few years, and everyone is a target \u2013 including individuals <a href=\"https:\/\/www.wired.com\/2016\/03\/ransomware-why-hospitals-are-the-perfect-targets\/\">hospitals<\/a>, and <a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/police-pay-off-ransomware-operators-again\/d\/d-id\/1319918\" rel=\"nofollow\">police departments<\/a>. As long as ransomware is financially lucrative, this trend will continue.<\/p>\n<p>Less than 48 hours after CrySiS\u2019 master key was posted, decryptor tools, which return files to their original state, had been updated to support decrypting.<\/p>\n<p>Kapersky\u2019s Rakhni Decryptor tool can be <a href=\"https:\/\/www.nomoreransom.org\/decryption-tools.html\">downloaded for free<\/a> and \u2018unlocks\u2019 files affected by more than a dozen types of ransomware, including CrySiS.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CrySiS Ransomware Decryption Key Leaked By Anonymous User. A small victory this week against the ever-troublesome ransomware software, specifically CrySiS Ransomware, which has become one of the largest cyber security&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3190,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[264,265,263],"class_list":["post-3189","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-crysis","tag-master-key","tag-ransomware","post-with-tags"],"views":9292,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2016\/11\/Depositphotos_40873681_m-2015.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=3189"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/3189\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/3190"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=3189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=3189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=3189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}