CryptXXX is a new ransomware recently discovered by researchers at Proofpoint. It was first seen in March this year, distributed by the Angler exploit kit. Beyond the usual ransomware functions, CryptXXX also steals its victims' personal information and passwords, and is able to steal Bitcoins.
As mentioned above, CryptXXX was distributed by the exploit kit known as Angler. More specifically, Angler infected victims with the Bedep malware, which has the ability to download additional malware; once on the system, Bedep downloaded CryptXXX to the victim's computer. The ransomware's malicious DLL files are not executed immediately: experts say the malware starts after a random delay (for example, Proofpoint researchers observed a delay of 62 minutes).
After activation CryptXXX behaves like other ransomware: it encrypts data, changing the extension of the affected files to .crypt, and leaves the victim a ransom note in the files de_crypt_readme.txt and de_crypt_readme.html. The ransomware can also replace the desktop wallpaper with an image containing the ransom text. CryptXXX usually demands 1.2 Bitcoins (around $540 at the current exchange rate).
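The two on-disk indicators named above (the .crypt extension and the de_crypt_readme.txt / de_crypt_readme.html notes) are enough for a simple triage scan of a file share or user profile. The following Python script is an added example written for this article, not code from the article's author or from any vendor tool; the indicator names come from the text, while the directory layout it builds is constructed sample data and the function names are my own.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: encrypted files get a .crypt extension and
# the ransom note is dropped as de_crypt_readme.txt / de_crypt_readme.html.
ENCRYPTED_EXTENSION = ".crypt"
RANSOM_NOTE_NAMES = {"de_crypt_readme.txt", "de_crypt_readme.html"}


def scan_for_cryptxxx_indicators(root):
    """Walk `root` and collect on-disk CryptXXX indicators.

    Returns a dict with:
      encrypted_files : paths ending in .crypt
      ransom_notes    : paths whose file name is a known ransom note
      hit_directories : sorted directories containing either indicator
      triage_verdict  : "likely_cryptxxx" when both indicators are present,
                        "suspicious" when only one is, otherwise "clean"
    """
    encrypted = []
    notes = []
    hit_dirs = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_EXTENSION):
                encrypted.append(full)
                hit_dirs.add(dirpath)
            elif lowered in RANSOM_NOTE_NAMES:
                notes.append(full)
                hit_dirs.add(dirpath)
    if encrypted and notes:
        verdict = "likely_cryptxxx"
    elif encrypted or notes:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "hit_directories": sorted(hit_dirs),
        "triage_verdict": verdict,
    }


def build_sample_tree():
    """Create a constructed directory layout resembling a share hit by CryptXXX.

    This is sample data for the example only (placeholder bytes, no malware);
    it returns the temporary root directory as a string.
    """
    root = tempfile.mkdtemp(prefix="cryptxxx_demo_")
    layout = {
        "Documents/report.docx.crypt": b"\x00" * 16,
        "Documents/budget.xlsx.crypt": b"\x00" * 16,
        "Documents/de_crypt_readme.txt": b"ransom note placeholder",
        "Documents/de_crypt_readme.html": b"<html>ransom note placeholder</html>",
        "Pictures/holiday.jpg": b"\xff\xd8\xff",  # untouched file
        "Pictures/notes.txt": b"plain text",      # untouched file
    }
    for rel, content in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = scan_for_cryptxxx_indicators(demo_root)
    print("verdict:", result["triage_verdict"])
    print("encrypted files:", len(result["encrypted_files"]))
    print("ransom notes:", len(result["ransom_notes"]))
    for d in result["hit_directories"]:
        print("affected directory:", d)
```

Run it against a real path by replacing `build_sample_tree()` with the directory to check; a verdict of "likely_cryptxxx" with a list of affected directories tells a responder where the encrypted data sits, which is the first thing needed before running a decryptor.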
Bedep usually comes with an additional data-theft component, and, as it turned out, CryptXXX follows the same strategy. Researchers found that the ransomware can also collect information and credentials from its victims' instant messengers, email clients, FTP clients and browsers. The analysts also said that CryptXXX can steal Bitcoins, but did not specify how.
Researchers say they found a suspicious resemblance between CryptXXX and the older Reveton ransomware. Both are written in Delphi, both use a delayed start, both invoke DLL files in a similar way, and both use a custom protocol to communicate with their command-and-control servers over TCP port 443. In addition, both CryptXXX and Reveton not only encrypt data but also steal personal information and the victim's funds. CryptXXX is spreading much faster than the average ransomware, and the malicious website through which the victim must pay the ransom has been translated into eleven languages, so the developers' plans are clearly ambitious.
However, if you were unlucky enough to get infected with CryptXXX, I have good news for you: there is a solution, and you will be able to decrypt all of your encrypted files. First, download our automatic removal tool, which will scan your computer for malware and clean it. Afterwards, download the RannohDecryptor tool, which is designed to decrypt files encrypted by CryptXXX. More information about RannohDecryptor and how to use it can be found here. Keep in mind that you should first get rid of any other malware installed on your computer, such as Bedep, before removing CryptXXX and decrypting your files.
Symptoms of a CryptXXX infection can include computer crashes, an unusual homepage or search engine in your browser, and unwanted pop-up ads and advertising banners. We recommend downloading our automatic removal tool, which has been tested for CryptXXX removal and is easy to use.