Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

NoMoreRansom: Free Decryption for Latest Cryakl Ransomware

Decryption keys for a current version of Cryakl ransomware have been obtained and uploaded to the NoMoreRansom website. Victims of Cryakl can potentially recover encrypted files with the Rakhni Decryptor available for free from Kaspersky Lab or NoMoreRansom.

Decryption keys for a current version of Cryakl ransomware have been obtained and uploaded to the NoMoreRansom website. Victims of Cryakl can potentially recover encrypted files with the Rakhni Decryptor available for free from Kaspersky Lab or NoMoreRansom.

NoMoreRansom is a collaborative public/private project launched by Europol, the Dutch National Police, Kaspersky Lab and McAfee in July 2016. Its purpose is to help ransomware victims recover encrypted files through the use of decryptors. Since its launch, other national law enforcement agencies and additional private companies have joined the project. There are now 52 decryption tools available on the site, able to recover files from 84 ransomware families.

The project now comprises more than 120 partners, including more than 75 private organizations. The Cypriot and Estonian police are the most recent law enforcement agencies to join, while KPN, Telenor and The College of Professionals in Information and Computing (CPIC) have joined as new private sector partners. Europol claims that the site has enabled more than 35,000 ransomware victims to recover their files without paying a ransom – preventing criminals from profiting from more than €10 million.

The Rakhni Decryptor, developed by Kaspersky Lab, could already decrypt older versions of Cryakl – which first appeared in 2015. It could not, however, decrypt the latest version – which it now does.

The Belgian Federal Computer Crime Unit (FCCU) learned that Belgian citizens had been victims of this new version of Cryakl. It was able to locate a C2 server in an unspecified neighboring country. The Netherlands is one neighbor state that is often used by criminals to host their malicious servers.

“Led by the federal prosecutor’s office,” announced Europol Thursday, “the Belgian authorities seized this and other servers while forensic analysis worked to retrieve the decryption keys.” Kaspersky Lab provided technical expertise, and has now included the recovered keys in its Rakhni Decryptor, uploaded on behalf of the Belgian authorities.

The Rakhni Decryptor, says Kaspersky Lab, “Decrypts files affected by Rakhni, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Cryptokluchen, Lortok, Democry, Bitman (TeslaCrypt) version 3 and 4, Chimera, Crysis (versions 2 and 3), Jaff, Dharma and new versions of Cryakl ransomware.”

The Belgian authorities are continuing their investigation into the operators of the seized C2 servers, but decided not to wait before making the recovered keys available to victims. It is, says Europol, “another successful example of how cooperation between law enforcement and internet security companies can lead to great results.”

Advertisement. Scroll to continue reading.

Related: NoMoreRansom Says 28,000 Victim Devices Decrypted 

Related: NoMoreRansom Expands with New Decryptors, Partners 

Related: NoMoreRansom Initiative Gets Global Law Enforcement Support 

Related: CrySiS Ransomware Master Decryption Keys Released 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.