Skip to main content

After update, Kaspersky tool no longer combats CryptXXX ransomware

A close up of a woman using a laptop that is displaying Kaspersky software on its screen.
Image used with permission by copyright holder
Ransomware is a growing threat to anyone that uses a computer — even the U.S. House of Representatives has been a recent target. This kind of attack can result in a desperate situation for the victim, and there’s now word that a common strain of the malware has been upgraded to resist countermeasures.

Last month, Kaspersky released a tool intended to help users targeted by the CryptXXX ransomware regain access to their systems without paying a bounty to the culprits. Now, researchers at Proof Point have identified a new version of the malware that can sidestep the company’s RannohDecrypter utility.

RannohDecrypter was originally developed to help users targeted by the Rannoh Trojan, but was later expanded to tackle CryptXXX as well. In response to this, the authors of CryptXXX have made some adjustments to the way their weapon targets systems to extort their owners.

Version 2.006 of CryptXXX locks down the targeted system completely, which was initially interpreted by Proof Point as a “quick and dirty” means of preventing the use of RannohDecrypter. However, there’s another more sophisticated strategy at play that removes Kaspersky’s tool from the equation.

CryptXXX now causes an error message to read, “encrypted file size does not equal to original” when the user attempts to employ RannohDecrypter. It’s thought that the malware is using the zlib data compression library as a means of counteracting the utility.

This development illustrates the cat-and-mouse game of modern security research. Research teams and malware developers are continually trying to stay one step ahead of the competition, which often boils down to studying the last move made by their opponent.

The advice on how to stay safe remains the same; keep your security software up to date, and avoid clicking any suspicious links, or opening unsolicited email attachments.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Google will begin labeling AI-generated images in Search
Google Search on mobile

AI-generated images have become increasingly predominant in the results of Google searches in recent months, crowding out legitimate results and making it harder for users to find what they're actually looking for. In response, Google announced on Tuesday that it will begin labeling AI-generated and AI-edited image search results in the coming months.

The company will flag such content through the “About this image” window and it will be applied to Search, Google Lens, and Android's Circle to Search features. Google is also applying the technology to its ad services and is considering adding a similar flag to YouTube videos, but will "have more updates on that later in the year," per the announcement post.

Read more
Best VPN deals: Save on NordVPN, ExpressVPN, and Surfshark
A close-up of a computer monitor displaying a generic VPN.

VPNs have been becoming quite big in the last few years, and a lot of that is due to so much content online being geo-blocked, but now, some of the best VPN services have started offering a lot more. Beyond just access to to geo-blocked content, a VPN can offer things like ad blocking, an anti-virus, and even double-layers of obfuscation to help keep what your browse away from prying eyes. Luckily, there are a huge amount of VPNs out there to pick from, and we've gone out and collected some of our favorite VPN deals so you can pick and choose the one that works the best for you.

Nord VPN 12-month basic subscription -- $60, was $139

Read more
Launching Windows 11 apps could get up to 50% faster thanks to this new tech
Microsoft Store Ads on a Dell XPS Laptop.

Windows Latest has spotted a recent support document post from Microsoft confirming native Ahead of Time (AOT) support has been added to the Windows App SDK. According to Microsoft, this could bring major improvements to the launch times of Windows 11 apps. In its own testing, Microsoft has measured a 50% reduction in start times and around an 8x reduction in package size.

The Windows App SDK exists to help developers use classic desktop app frameworks to make apps with access to modern APIs that can be used across all kinds of Windows devices.

Read more