While the entire cybersecurity world is focusing on WannaCryptor ransomware and ways to help its victims, someone has released 200 master keys for the latest variants of another notorious ransomware family (detected by our systems as Win32/Filecoder.Crysis) – namely those that add the .wallet and .onion extension to the affected files.
Based on this information, our experts have been able to prepare an ESET Crysis decrypting tool. Victims who still have their encrypted files can now download the decryptor from our utilities page. If there is any need for additional information on how to use the tool, please refer to ESET Knowledgebase.
The keys were published by a new member of a forum at BleepingComputer.com focused on helping ransomware victims. This has become a habit of the Crysis operators lately – with this being the third time keys were released in this manner. Since the last set of decryption keys was published, Crysis ransomware attacks have been detected by our systems over ten thousand times.
Decryption tools are hot goods these days as most of the cybersecurity community is trying to find a way to decrypt files hit by Win32/WannaCryptor.D ransomware. And there have been some advances in this field, namely thanks to Adrien Guinet, who published a tool called wannakey, which is able to perform RSA key recovery on some of the Windows XP machines.
This has led to the creation of another tool named wanakiwi, which works for some users with newer versions of Microsoft OS going up to Windows 7. However, there is one condition for this to work: the machines must not have been rebooted after being infected. Without a reboot – and with some luck – the prime numbers used to generate a WannaCryptor secret key might still be stored in the memory.
Despite the good news, ransomware remains one of the most dangerous computer threats at present. Prevention is essential in keeping users safe.
Therefore, we recommend that all users keep their operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).
Source: WeLiveSecurity Link: https://www.welivesecurity.com/2017/05/22/keys-crysis-released-decryption-efforts-wannacryptor-files-continues/