This article is more than 1 year old

Cryptxxx shipwrecked: Laughing white hats shred latest ransomware

Darwin award up for grabs as crims and Kaspersky push each other to survive or die

Kaspersky white hats have again ruined the Cryptxxx malware by offering victims a free decryption tool that will unwind all variants of the menace.

The infuriating researchers have followed their first decryption effort that busted up the earlier Cryptxxx variant causing VXers to re-write and reissue a patched ransomware release.

Now the researchers have updated their free RannohDecrypter tool so that it defeats the patched malware.

It will send ransomware scum back to the developer board to produce a hardened and more difficult to pop offering.

The researchers' work is significant; Cryptxxx is used in some of the most high-profile and prolific malvertising campaigns that have torn through the biggest websites across the world with infected ads that deliver any combination of trojan and exploit kit, before dropping the ransomware.

That combination is poison for for users whose machines meet the specifications for infection, normally some combination of Internet Explorer, a runtime like Flash, and missing patches.

Researches may find themselves in an arms race with Cryptxxx should the authors weather the decryption storm and keep producing fixed variants.

Or they may like Linux.Encoder seemingly succumb to the barrage of attacks by meddling white hats some of whom go as far as to release surreptitious deliberately-weakened ransomware blueprints in a bid to waste the time of copy-and-paste VXers.

Hackers at BitDefender wonks dropped three decrypter tools to wreck each version of Linux.Encoder, a savagery that prompted sarcastic security types to offer the VXers encryption advice on Twitter.

Kaspersky researchers and other white hats are a hated menace in malware circles. Authors of the BlackEnergy pwn kit went as far as to leave a note in one variant of the codebase which read "f**k you Kaspersky" after hackers at the firm published analysis of the threat. ®

More about


Send us news

Other stories you might like