One more ransomware family has finally been defeated, and this time it is CrySiS ransomware.

On November 14, 2016, Lawrence Abrams, the well-known malware researcher and founder of BleepingComputer, received a link to Pastebin. When he followed the link, he found all the master keys needed to decrypt data affected by CrySiS ransomware. The file also contained complete and detailed instructions on using these keys to decrypt the data. The keys were sent to Kaspersky Lab for analysis, and we can now say with confidence that they work and can be used to decrypt all files encrypted by CrySiS ransomware. The keys have been added to the database of RakhniDecryptor (a decryptor developed by Kaspersky Lab).

What happened can be considered another triumph achieved thanks to public pressure on the police. Until recent years, only major cases of industrial espionage, hacking of banking networks or major corporate networks, and crimes against state authorities, politicians or celebrities were treated as cybercrimes. But now, thanks to the outrage that has risen over the last year, many governments have finally decided to assist malware fighters in the real world. Many countries provide all possible assistance by sharing information and bringing online criminals to justice.

Information about these keys was posted on the BleepingComputer forum by a user with the nickname crss7777, who posted two messages and has not contacted the community since. He did not explain who he is or how he got the keys. Examining the structure of the data provided, we can assume that this user is one of the creators of CrySiS ransomware, and that the keys were published because the hackers had made enough money and decided to take themselves out of the line of fire. The only thing we can hope for is that this maneuver will not succeed and that the investigation into the CrySiS case will continue. Do not forget that thousands of users whose data was encrypted paid the ransom, while others were deprived of access to their files for a few months.

Now that everything is over, we ask you to let your friends and acquaintances know that all victims of CrySiS ransomware can decrypt their data by downloading RakhniDecryptor. If you run into problems or errors during decryption, you can describe the problem in the comments to this article or in the specified topic on the BleepingComputer forum.
