Free Decryptor for the CryptXXX v.3 Ransomware Available Now


Victims of the infamous CryptXXX v.3 ransomware are now able to unlock their encrypted files as security researchers have released a free decryption tool for the threat.

The decryptor is included in a free application shared by the No Ransom Project, called the RannohDecryptor utility. The tool has successfully managed to unlock files encrypted by CryptXXX version 2 but, until now, it was not able to decrypt files targeted by version 3.

CryptXXX was first noticed in April and it is known as one of the ransomware pieces with the highest number of victims around the globe. It has been mostly targeting American users but Germany, Japan, and Russia are also among the top-targeted countries. According to experts, the ransomware has given cybercriminals the opportunity to make huge profits.

Security researchers stated that the ransomware was being distributed via Exploit Kits (EKs) like Neutrino, Magnitude, and Angles EKs. Ever since its appearance on the ransomware stage CryptXXX was been rapidly evolving, noted the SentinelOne security firm.

In June, the ransomware developers managed to fix the security flaws which allowed decryption of files without paying the ransom. One month earlier, in May, Kaspersky Lab researchers had updated their decryptor (RannohDecryptor to be able to unlock files targeted by the second version of CryptXXX.

The Kaspersky experts were able to find and exploit vulnerabilities in the CryptXXX`s code and unlock files every time the ransomware`s authors released a new version. They found that the ransomware is leveraging on a DLL written in Delphi and that it relies on several encryption algorithms to lock the files.

CryptXXX v.3 appends the .crypt, .cryp1 and .crypz extensions at the end of encrypted data. The ransomware`s latest version also includes a stiller.dll module which is able to steal victims` account credentials.

“After the files are encrypted and all the valuable data is transferred to the criminals, the Trojan displays a message to the victim demanding a ransom.” – Kaspersky Lab researchers said.

If you have been attacked by the notorious CryptXXX, check the list decryption tools which are available at the No Ransom page.

Simona Atanasova
Simona has graduated First language school - Varna, Bulgaria with a main focus on English philology. In 2016 she received her Bachelor`s Degree in International Economic Relations from the University of Economics – Varna.Simona has been taking journalism classes in Sofia University “St. Kliment Ohridski” for a year and, currently, she is presenting all cyber-security and cyber-thread related news at


Please enter your comment!
Please enter your name here

Time limit is exhausted. Please reload CAPTCHA.