Boffins bake Crysis ransomware's keys into handy decryptor
Developers may have dropped keys to drop cops
Anti-malware outfit ESET has baked master decryption keys into a tool that lays waste to the Crysis ransomware.
Crysis began to gain traction in June after first being noticed in February circulating through malicious emails, and it capitalised on the demise of its now-defunct rival TeslaCrypt.
The malware encrypts about 200 file types across internal and external storage, and network shares, deleting backup shadow files.
In Australia and New Zealand, Crysis was found attacking businesses through Remote Desktop Protocol and infecting routers in order to re-infect cleaned-up computers.
A user of the Bleeping Computer forum found and published the universal master keys for the latest variant of Crysis, enabling technically savvy victims to free their encrypted files without paying.
Bleeping Computer researcher Lawrence Abrams says he suspects the user could be a developer of Crysis who dropped the keys to avoid law enforcement heat.
"Though the identity of (user) crss7777 is not currently known, the intimate knowledge they have regarding the structure of the master decryption keys and the fact that they released the keys as a C header file indicates that they may be one of the developers of the CrySiS ransomware," Abrams says.
"Why the keys were released is also unknown, but it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them."
[Figure: Crysis attack flow.]
Now anti-malware wonks at ESET have baked those keys into a free application allowing anyone to liberate their Crysis-encrypted files.
Efforts to de-fang ransomware have been formalised into the No More Ransom alliance, which unifies several previously disparate efforts, but a few ransomware families still remain undefeated.
Criminals can net a conservative US$84,000 a month slinging ransomware for an investment of US$6000, a whopping 1425 per cent profit margin, Trustwave found last year. ®