Free Decryption Tool Released for Cryakl Ransomware

Free Decryption Tool Released for Cryakl Ransomware

Written By / Courtesy of Bleeping Computer

Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware.

In a joint statement released through Europol, Belgian police said they were able to track down one of Cryakl ransomware’s command-and-control (C&C) servers to a data center in one of Belgium’s neighboring countries.

Belgian authorities seized this and other servers and then performed forensic analysis to retrieve Cryakl decryption keys stored on the server.

Decryption keys added to Kaspersky’s Rannoh Decryptor app

Kaspersky Lab experts integrated the newly discovered decryption keys in the company’s Rannoh Decryptor, a generic ransomware decryption utility that can be used to decrypt many other ransomware strains as well.

The Cryakl ransomware was first spotted in September 2015 and remained active through the years. Its most prolific period was late 2015 to mid-2016 when Kaspersky Lab statistics ranked it as one of the most active ransomware strains [1, 2]. Ransomware distribution died down in the subsequent period, but the ransomware has remained active and new versions have continued to appear, even recently. For example, Cryakl version was detected over 50 times on the ID-Ransomware portal this year alone, while version has been seen over 100 times since December 26, last year.

Kaspersky experts found encryption flaws in early versions of the Cryakl ransomware. The Rannoh Decryptor utility already included support for decrypting these early Cryakl versions for at least two years.

Subsequent Cryakl versions were not decryptable, but with the new decryption keys obtained by Belgian police, some victims who made backups of Cryakl-encrypted files can now hope to recover their data.

Decrypter available via NoMoreRansom project

The updated Rannoh Decryptor utility can be downloaded via the NoMoreRansom project’s website. Belgian Federal Police also became an official member of the NoMoreRansom project with today’s announcement. Cypriot and Estonian police also joined the project, which now numbers 52 members from law enforcement and the private (security and non-security) sector.

Belgian police also became the second law enforcement agency to provide decryption keys to the NoMoreRansom project after Dutch police did so numerous times in the past.

If victims need help with the Cryakl ransomware decryption process, they can ask for it on Bleeping Computer’s Cryakl ransomware support forum.

Read the original article over at Bleeping Computer.