Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

NoMoreRansom: Free Decryption for Latest Cryakl Ransomware

Decryption keys for a current version of Cryakl ransomware have been obtained and uploaded to the NoMoreRansom website. Victims of Cryakl can potentially recover encrypted files with the Rakhni Decryptor available for free from Kaspersky Lab or NoMoreRansom.

Decryption keys for a current version of Cryakl ransomware have been obtained and uploaded to the NoMoreRansom website. Victims of Cryakl can potentially recover encrypted files with the Rakhni Decryptor available for free from Kaspersky Lab or NoMoreRansom.

NoMoreRansom is a collaborative public/private project launched by Europol, the Dutch National Police, Kaspersky Lab and McAfee in July 2016. Its purpose is to help ransomware victims recover encrypted files through the use of decryptors. Since its launch, other national law enforcement agencies and additional private companies have joined the project. There are now 52 decryption tools available on the site, able to recover files from 84 ransomware families.

The project now comprises more than 120 partners, including more than 75 private organizations. The Cypriot and Estonian police are the most recent law enforcement agencies to join, while KPN, Telenor and The College of Professionals in Information and Computing (CPIC) have joined as new private sector partners. Europol claims that the site has enabled more than 35,000 ransomware victims to recover their files without paying a ransom – preventing criminals from profiting from more than €10 million.

The Rakhni Decryptor, developed by Kaspersky Lab, could already decrypt older versions of Cryakl – which first appeared in 2015. It could not, however, decrypt the latest version – which it now does.

The Belgian Federal Computer Crime Unit (FCCU) learned that Belgian citizens had been victims of this new version of Cryakl. It was able to locate a C2 server in an unspecified neighboring country. The Netherlands is one neighbor state that is often used by criminals to host their malicious servers.

“Led by the federal prosecutor’s office,” announced Europol Thursday, “the Belgian authorities seized this and other servers while forensic analysis worked to retrieve the decryption keys.” Kaspersky Lab provided technical expertise, and has now included the recovered keys in its Rakhni Decryptor, uploaded on behalf of the Belgian authorities.

The Rakhni Decryptor, says Kaspersky Lab, “Decrypts files affected by Rakhni, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Cryptokluchen, Lortok, Democry, Bitman (TeslaCrypt) version 3 and 4, Chimera, Crysis (versions 2 and 3), Jaff, Dharma and new versions of Cryakl ransomware.”

The Belgian authorities are continuing their investigation into the operators of the seized C2 servers, but decided not to wait before making the recovered keys available to victims. It is, says Europol, “another successful example of how cooperation between law enforcement and internet security companies can lead to great results.”

Advertisement. Scroll to continue reading.

Related: NoMoreRansom Says 28,000 Victim Devices Decrypted 

Related: NoMoreRansom Expands with New Decryptors, Partners 

Related: NoMoreRansom Initiative Gets Global Law Enforcement Support 

Related: CrySiS Ransomware Master Decryption Keys Released 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...