Legal View

Free decryption keys for Cryakl ransomware released

The last few years have seen a surge in ransomware attacks.
The last few years have seen a surge in ransomware attacks.

The Belgian Federal Police have released free decryption keys for the Cryakl ransomware, following a successful investigation and co-operation with Kaspersky Lab.

The keys were obtained during an ongoing investigation, and shared with No More Ransom, an initiative by the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky Lab and McAfee.

The No More Ransom portal aims to help victims of ransomware retrieve their encrypted data without having to pay the attackers.

Surge in ransomware

The last few years have seen a surge in ransomware attacks, with global campaigns indiscriminately affecting individuals and organisations across a variety of industries, in both the public and private sectors.

According to Kaspersky Lab, Cryakl has been active since September 2015, operating in the same way as other ransomware strains, by searching an infected system for files, encrypting them, then demanding payment for providing the encryption key needed to retrieve the files. It threatens to delete the encrypted files if payment isn't received within seven days.

However, unlike more recent forms of ransomware which ask for payments to be made in crypto-currency, Cryakl victims were told to contact the criminals by e-mail.

Cryakl has been most active in Russia, but has infected users across Europe, with over 2 000 infections in Italy and Germany, and more than 1 000 in Spain. Hundreds have been infected in UK, Belgium, France, Poland and Austria, too.

Fifty-two tools available

ITWeb Security Summit 2018

Registration is open for ITWeb Security Summit 2018, which will feature cyber security guru Mikko Hypponen and other international infosec players as plenary speakers. Get involved in #SS18HACK and choose from two half-day workshops or a full-day Boot Camp plus five training courses. Click here for the agenda. For the first time, ITWeb Security Summit will also take place in Cape Town.

No More Ransom now has 52 free decryption tools available to users, for 84 ransomware families, including CryptXXX, CrySIS and Dharma, which are the most popular infections.

More than 35 000 people have managed to get their files back, at a loss to criminals of an estimated EUR10 million.

Since the inception of the portal in July 2016, almost 1.6 million people from more than 180 countries have accessed the Web site, available in 29 languages.

Don't pay the ransom

Jornt van der Wiel, security researcher in the Global Research and Analysis Team at Kaspersky Lab, says the company's regular advice in the case of ransomware attacks is to not pay the ransom.

More than 120 global partners, including a number of cyber security experts and 25 information security companies, are working together to help ransomware victims, creating new tools for decryption that have never been available before.

"The policy is working, and is a reminder that there is always a chance of winning in the fight with criminals," Van der Wiel adds.

The Cypriot and Estonian police forces are the latest law enforcement agencies to join. KPN, Telenor and the College of Professionals in Information and Computing have also joined as new private sector partners.

More information as well as prevention tips are available at www.nomoreransom.org.

Read time 2min 30sec
Kirsten Doyle
ITWeb contributor.

Kirsten Doyle is ITWeb contributor.

Have your say
a few seconds ago
Be the first to comment