Security specialist ESET has announced the public availability of a free decryption tool designed to reverse the effects of the Crysis ransomware package, restoring users' files without the need to cough up cash.
The latest in an ever-increasing string of ransomware packages which has included the gaming-centric TeslaCrypt
and Synology NAS targeted SynoLocker
, Crysis works exactly like its predecessors: systems are infected through known vulnerabilities or simple social engineering, then files stored thereon are silently encrypted in the background. Once encryption is complete, the user is then greeted with a screen explaining that the private key required to restore the files to their original state will only be provided upon payment of a cash ransom - typically using the Bitcoin cryptocurrency.
Earlier this month, an unknown user posted the entire set of encryption keys used within Crysis to Pastebin
, with evidence that whomever did so had access to the malware's original source code. Using these keys, researchers at antivirus firm ESET have been able to produce a decryption tool which is capable of decrypting files scrambled by a Crysis infection.
It's not the first time developers have been able to reverse a ransomware infection: in April 2015 Kaspersky happened across a cache of keys used by the CoinVault ransomware and was able to produce a decryption tool
with a limited success rate; in May this year the creator of the TeslaCrypt ransomware released its master key
allowing fully successful decryption tools to be developed, stating 'we are sorry
' to those who had been affected by the malware.
Those battling a Crysis infection, meanwhile, can download ESET's free decryption utility from the company's official website