Unknown Party Releases Master Decryption Keys For CrySis Ransomware

Ransomware remains one of the biggest threats to Internet users to date. Thankfully, several strains of malware have been decrypted as of late, whereas others have seen their master decryption key exposed. CrySis ransomware,  a strain that has never become overly popular, has seen the developers release the master decryption key to the public. This is a positive development, but it is only a small victory in a much larger war.

CrySis Ransomware Is No Longer A Threat

Once the master decryption keys for CrySis were revealed, it didn’t take long for security researchers to turn that knowledge to good use. Kaspersky Labs has already integrated their keys into the Rakhni decryptor, a tool designed to help users get rid of malware, free of charge. For now, all victims of CrySis version two and three can restore file access with just a few clicks.

It remains unknown who released the master encryption keys for this malware, though. A post appeared on the BleepingComputer Forums yesterday morning, indicating the key can be used to get rid of the ransomware. It is possible that the developer himself/herself posted this information, as we have seen other devs do so in the past.

In fact, the knowledge presented by the person posting the keys shows that he/she is closely involved in the CrySis project. The information was released as a C header file, which made it rather easy for security researchers to verify its contents. Now that law enforcement agencies are cracking down on cyber criminals, developing and maintaining ransomware becomes less appealing.

CrySis has been around since February of 2016, and seemed to be underway to become a fan favorite among criminals. Distribution took place through spam campaigns and malicious email attachments, as one would come to expect. Despite this initial success, CrySis accounted for “only” 1.15% of ransomware attacks throughout 2016.

Despite this moral victory, the ransomware threat is far from over. Every month new variants seem to crawl out of the woodwork. Distribution methods are also changing, ranging from HTTP redirection attacks to malvertising and others. Internet users must remain vigilant at all times, as dangers lurk around every piece of code and any website.

The best course of action is never to meet the ransomware demands. Once a computer is infected, users will be asked to pay a sum of money–usually around one bitcoin worth of money–to restore file access. Paying that money is never a guarantee of getting files restored, by any means.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.