Cryakl ransomware antidote released after servers seized

Free decryption keys for the Cryakl ransomware were released last Friday – the fruit of an ongoing cybercrime investigation.

The keys were obtained during an ongoing investigation by Belgian cops, and shared with the No More Ransom project, an industry-led effort to combat the growing scourge of file-encrypting malware.

The decryption utility was developed by security experts after the Belgian Federal Computer Crime unit located and seized a command-and-control server, allowing the recovery of decryption keys. Kaspersky Lab provided technical expertise to the Belgian authorities.

The decryption tool allows the file decryption of most – but not all – versions of Cryakl. White hat group MalwareHunterTeam told The Register that all infection versions newer than CL 1.4.0 resist this antidote.

Nonetheless, the release of the tool will offer welcome relief to many of those organisations hit by Cryakl, which will now have the ability to recover encrypted files without paying crooks a ransom.

Since the launch of the NoMoreRansom scheme more than a year ago – in July 2016 – more than 35,000 people have managed to retrieve their files for free, thus preventing miscreants from pocketing over €10m, according to a statement by European policing agency Europol.

There are now 52 free decryption tools on nomoreransom.org, which can be used to decrypt 84 ransomware families. CryptXXX, CrySIS and Dharma are the most detected infections.

Ransomware has eclipsed most other cyber threats over recent years, with global campaigns now indiscriminately affecting organisations across multiple industries in both the public and private sectors, as well as consumers. ®