U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Victims of the CryptXXX v.3 can now use a free tool to decrypt their files

Security researchers have released a decryption tool for unlocking files encrypted by the notorious CryptXXX v.3 ransomware. CryptXXX v.3 ransomware was defeated, researchers have released a decryption tool for unlocking encrypted files. The decryption tool was included in the RannohDecryptor utility, a free application shared by the No Ransom Project. The utility was already able to unlock […]

Victims of the CryptXXX v.3 can now use a free tool to decrypt their files

Security researchers have released a decryption tool for unlocking files encrypted by the notorious CryptXXX v.3 ransomware.

CryptXXX v.3 ransomware was defeated, researchers have released a decryption tool for unlocking encrypted files. The decryption tool was included in the RannohDecryptor utility, a free application shared by the No Ransom Project.

The utility was already able to unlock a limited list of files encrypted by the CryptXXX v.3, but not it is able to recover almost any file targeted by the v.3.

The CryptXXX ransomware is one of the ransomware with the highest number of victims in the wild that targeted mostly US users. Russia, Germany and Japan are also in the top-targeted countries.

CryptXXX ransomware was first spotted in April, experts believe it allowed criminal organizations to earn a lot of money.

The experts noted an intense activity involving the malware that was spread in campaigns leveraging on Angler, Neutrino, and Magnitude exploit kits.

Since April, CryptXXX has rapidly evolved, according to the firm SentinelOne, in June a new campaign that fixed the security flaws that allowed decrypting locked files without paying the ransom.

In May, experts at Kaspersky Lab have updated their decryption tool to adapt to the second version of the CryptXXX ransomware in the RannohDecryptor 1.9.1.0.

Every time the author of the CryptXXX released a new version, experts from Kaspersky were able to exploit flaws in the code of the ransomware to unlock the encrypted files.

The researchers from Kaspersky Lab, discovered the malware leverage on a DLL written in Delphi and uses several encryption algorithms to lock the files.

Once CryptXXX v.3 locks files, it appends the extensions .crypt, .cryp1 and .crypz. The latest variant of the malware also includes a module called stiller.dll that is tasked with stealing account credentials from the victim’s machine

“After the files are encrypted and all the valuable data is transferred to the criminals, the Trojan displays a message to the victim demanding a ransom,” Kaspersky Lab researchers said.

If you are one of the victims of ransomware give a look at the list of available decryption utilities that was included in the No Ransom website.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  cybercrime, ransomware)

[adrotate banner=”13″]