Ransomware Gives Away Key

Monday, July 18, 2016 @ 03:07 PM gHale


Whether it was by accident or on purpose, it is possible to get a free decryption key for the CryptXXX ransomware.

It appears that users who visited the Tor-based payment sites of the CryptXXX ransomware and logged in with their ID received the actual decryption key for free instead of decryption instructions.

This didn’t happen for all users, only for those hit by CryptXXX variants that append the .crypz and .cryp1 extensions to the files they encrypt.

CryptXXX does not use a master key; private keys differ for each victim, so there’s no universal key that can unlock everyone’s files.

No one knows whether CryptXXX’s developers revealed the keys intentionally or by mistake.

Users who need help with the decryption routine can visit the Bleeping Computer forum thread where users first spotted this “freebie.”