No more Crysis: Master keys and ransomware decryptor released

Security firm Kaspersky Labs has updated its RakhniDecryptor program to decrypt the files of Crysis victims.
By Jessica Davis
10:24 AM

Master decryption keys for the major ransomware strain Crysis were released on security blog BleepingComputer forum by a member on Monday. The user's post contained the master keys and directions on how it should be used.

Security firm Kaspersky Lab examined the master keys and determined their legitimacy, security expert Lawrence Abrams reported. The firm already used the keys to update its RahkniDecrytor program, which can be used to decrypt files of those infected with the Crysis virus.

Crysis was first discovered in February, but the frequency of attacks increased in June when it became the number one prevalent new ransomware. The strain is able to not only encrypt files and usernames, but actually copy and pull files from the network - placing healthcare organizations in the territory of an actual breach.

[Also: Meet the 'number one prevalent' new ransomware: Crysis]

Attacks started with the financial industry and quickly spread to healthcare and manufacturing.

The identity of the user who posted the keys is unknown, Abrams said. However, the fact that the user has intimate knowledge of the master decryption key structure, and that the keys were released as a C-header file indicate the user may be a Crysis developer.

"Why the keys were released is also unknown," he continued. "But it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them."

Crysis victims can download the decryptor on Kaspersky's website, and once the program runs, users can follow the directions to decrypt files. With the release of the decryptor, victims can regain control of their data without paying the ransom.

Twitter: @JessieFDavis
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn