If you are searching for the ‘Google Decrypter’ tool, the chance is very high that you have been targeted by the CryptXXX ransomware. The CryptXXX ransomware claims that you will have to buy the ‘Google Decrypter’ in order to regain access to your encrypted files – and the chance is there that once you buy the Google Decrypter, that you will get your files back – but this leaves you open for future attacks as you are then known as a victim which pays his bills.
My advice; Disconnect the device from the network, and reinstall the device.
The team from proofpoint published a post about the CryptXXX ransomware. In their post they state that the they think that this is the same team which was behind the Reveton ‘Police Locker’ ransomware.
We have not confirmed that a payment via the “personal home page” referenced above will unlock the screen. However, based on Reveton “Police locker” history (as noted previously, the authors responsible for CryptXXX were also behind Reveton), we expect this is an included feature in the ransomware, meaning the computer is probably contacting the C&C routinely to check the payment status.
Proofpoint also stated that the chance is there that new decryption tools for the CryptXXX ransomware might rise, but the cybercriminals which are behind this malware are also getting prepared for that battle.
#crypt malware #ransomware
While new decryption tools may emerge, CryptXXX’s active development and rapid evolution suggest that this new ransomware will continue to compete strongly in malware ecosystems.