Reading: Ransomware Tool Has Decryption Keys Leaked by Anonymous User


Ransomware Tool Has Decryption Keys Leaked by Anonymous User

Trevor Hill | Nov 16, 2016 | 04:00


Ransomware Tool Has Decryption Keys Leaked by Anonymous User

Trevor Hill | Nov 16, 2016 | 04:00

The master decryption keys for the ransomware, CrySis, has been released to the public, news that will undoubtedly come as a pleasant surprise to those victimized by the malware.

Also read: Most Popular Bitcoin Wallet to Allow Credit and Debit Card Funding

Another Ransomware Tool Bites the Dust

The decryption keys first became public when a user posted them on a the forums of The user, known only as crss7777, posted the decryption keys on the forum at 1 AM Sunday morning. 

Researchers at Kaspersky Lab, who have recently launched an anti-ransomware campaign in conjunction with Intel Security and international law enforcement this summer, quickly added the keys to their Rakhni decryptor — a sort of one-stop shop for ransomware decryption.kaspersky_anti-virus_4389175

There is a large amount of uncertainty regarding why these keys were revealed and how this anonymous contributor even obtained them. However, there are some theories being thrown around that could ultimately help to answer these questions.

The site’s founder, Lawrence Abrams, believes that it could have been one of the ransomware developers who posted the decryption keys on the forum.

This could very well be the case considering the mounting pressure by authorities cracking down on developers of ransomware; another theory laid out Abrams.

“Though the identity of crss7777 is not currently known, the intimate knowledge they have regarding the structure of the master decryption keys and the fact that they released the keys as a C header file indicates that they may be one of the developers of the CrySiS ransomware,” Abrams said. “Why the keys were released is also unknown, but it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them.”

CrySis entered the ransomware scene earlier this year, in February. It became a go-to choice among hackers when TeslaCrypt ransomware was decrypted, when its respective master key were released to the public at-large.

Eventually, it had become a fairly common ransomware method for hackers, with Kaspersky researchers reporting that CrySis accounted for 1.15 percent of ransomware infections this year, with most of the victims found in Russia, Japan, South and North Korea, and Brazil.

What do you think of CrySis’s master decryption keys being revealed to the public? Let us know in the comments below!

Source: Threatpost

Images courtesy of Kaspersky Lab, Shutterstock

Show comments