
After update, Kaspersky tool no longer combats CryptXXX ransomware

Ransomware is a growing threat to anyone who uses a computer — even the U.S. House of Representatives has been a recent target. This kind of attack can result in a desperate situation for the victim, and there’s now word that a common strain of the malware has been upgraded to resist countermeasures.

Last month, Kaspersky released a tool intended to help users targeted by the CryptXXX ransomware regain access to their systems without paying a ransom to the culprits. Now, researchers at Proofpoint have identified a new version of the malware that can sidestep the company’s RannohDecrypter utility.

RannohDecrypter was originally developed to help users targeted by the Rannoh Trojan, but was later expanded to tackle CryptXXX as well. In response to this, the authors of CryptXXX have made some adjustments to the way their weapon targets systems to extort their owners.

Version 2.006 of CryptXXX locks down the targeted system completely, which was initially interpreted by Proofpoint as a “quick and dirty” means of preventing the use of RannohDecrypter. However, there’s another, more sophisticated strategy at play that removes Kaspersky’s tool from the equation.

When a user attempts to run RannohDecrypter against files encrypted by the new version, the tool now fails with the error message “encrypted file size does not equal to original.” It’s thought that the malware is using the zlib data compression library as a means of counteracting the utility.

This development illustrates the cat-and-mouse game of modern security research. Research teams and malware developers are continually trying to stay one step ahead of the competition, which often boils down to studying the last move made by their opponent.

The advice on how to stay safe remains the same: keep your security software up to date, and avoid clicking any suspicious links or opening unsolicited email attachments.


Brad Jones