
DecryptorMax Ransomware Decrypted, No Need to Pay the Ransom


kantry123


Emsisoft researcher creates decryption tool

Fabian Wosar of Emsisoft has created a tool capable of decoding files encrypted by the DecryptorMax ransomware, also known as CryptInfinite.

The ransomware gets its name from the fact that the "DecryptorMax" string is found in multiple places inside its source code. Additionally, the CryptInfinite moniker is also used by some researchers because the ransomware adds the CryptInfinite key to the Windows registry, using it to store a list of all encrypted files and their location on disk.

According to Bleeping Computer's Lawrence Abrams, the ransomware is spread via Word documents attached to spam email. These files pose as resumes.

Users get infected via weaponized Word documents

Infection occurs when users open the document and enable Word Macros so that they can view the "proper" file. Word Macros are a known security vulnerability used by many malware developers to spread Web-hosted malware to Windows computers.

If this happens, from here on out, the ransomware is installed and immediately starts encrypting data files, adding the .crinf extension to all altered files.

Ransom notes are left in each folder that contains encrypted files, telling the user they have 24 hours to send a PayPal MyCash voucher code to one of three email addresses ([email protected], [email protected], [email protected]).

Additionally, the ransomware also changes the user's desktop wallpaper with a version of the ransom note, then deletes all Shadow Volume copies, and also disables Windows Startup Repair so that the user won't be able to load previous backups.

The decryption process, with Emsisoft's DecryptInfinite

Mr. Wosar's tool, called DecryptInfinite, is quite easy to use and will allow DecryptorMax victims to unlock their files without paying the ransom. Using it is quite straightforward, and users need to go through some simple steps before decrypting files.

After they start the tool, users are required to drag and drop two files over the tool's main window. These have to be an encrypted file along with a version of the same file but in unencrypted form.

If users don't have at least one file in its unencrypted form, they should take a random PNG from the Web and drag it together with an encrypted PNG image from their computer. This will have the same results.

From here on out, the tool will compute the decryption key needed to decode files. This is a lengthy process, so have patience when using DecryptInfinite.

More details on how to use DecryptInfinite and how the tool works can be found in a forum thread on Bleeping Computer.

SRC>>>http://news.softpedia.com/news/decryptormax-ransomware-decrypted-no-need-to-pay-the-ransom-496848.shtml

regards
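The article says the decryptor needs an encrypted file plus an unencrypted copy of it, and that "a random PNG from the Web" works just as well. The following is an added illustration, not Emsisoft's DecryptInfinite code and not DecryptorMax's actual algorithm (which the article does not describe). It assumes a constructed toy scheme, repeating-key XOR with a single 16-byte key reused for every file, to show the two ideas behind that advice: a plaintext/ciphertext pair reveals key material, and every valid PNG starts with the same 16 bytes (signature, IHDR length 13, and the "IHDR" chunk type), so even an unrelated PNG supplies enough known plaintext. The file contents and the secret key are constructed sample data.

```python
"""Added example (not Emsisoft's DecryptInfinite code): known-plaintext key
recovery against a toy cipher, to show why an encrypted/unencrypted file pair
is enough, and why an unrelated PNG from the Web also works.

Assumed toy scheme (constructed for this demo, NOT DecryptorMax's algorithm):
every file is XORed with the same 16-byte key, repeated over the file.
"""
import struct
import zlib

KEY_LEN = 16

# Every valid PNG begins with the same 16 bytes: the 8-byte signature, the
# IHDR chunk length field (always 13) and the chunk type "IHDR".  That fixed
# prefix is known plaintext even when the PNG is not the victim's own file.
PNG_KNOWN_PREFIX = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Toy cipher: XOR each byte with the key, cycling the key as needed.
    XOR is its own inverse, so the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_png(width: int, height: int) -> bytes:
    """Build a small, valid 8-bit greyscale PNG (constructed sample data)."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # one filter byte (0 = none) followed by `width` grey pixel values per row
    raw = b"".join(
        b"\x00" + bytes((x * 37 + y * 11) & 0xFF for x in range(width))
        for y in range(height)
    )
    return (b"\x89PNG\r\n\x1a\n"
            + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw))
            + chunk(b"IEND", b""))


def recover_key(encrypted: bytes, plaintext: bytes, key_len: int = KEY_LEN) -> bytes:
    """Known-plaintext recovery: ciphertext XOR plaintext = key bytes.

    Only the first key_len bytes need to match between the two files, which is
    why the fixed PNG prefix is enough for this toy key size."""
    if len(encrypted) < key_len or len(plaintext) < key_len:
        raise ValueError("need at least %d bytes in both files" % key_len)
    return xor_repeating(encrypted[:key_len], plaintext[:key_len])


def key_fits(key: bytes, encrypted: bytes, plaintext: bytes) -> bool:
    """Check a candidate key over the whole region where both files overlap."""
    n = min(len(encrypted), len(plaintext))
    return xor_repeating(encrypted[:n], key) == plaintext[:n]


def demo() -> dict:
    """Walk through the two situations the article describes."""
    secret = bytes(range(0x40, 0x40 + KEY_LEN))   # the ransomware's key (constructed)
    victim_png = make_png(4, 3)                    # a file the victim also has in clear
    victim_doc = b"Quarterly figures: revenue 1.2M, costs 0.9M\n"  # constructed sample
    enc_png = xor_repeating(victim_png, secret)
    enc_doc = xor_repeating(victim_doc, secret)

    # Case 1: the victim still has the original PNG.  The whole file matches,
    # so the recovered key can be confirmed end to end.
    key_from_original = recover_key(enc_png, victim_png)

    # Case 2: only an unrelated PNG from the Web is available.  Only the
    # fixed 16-byte prefix is shared, so a full-file check fails, but the
    # key is still correct and decrypts every other file.
    other_png = make_png(9, 2)
    key_from_unrelated = recover_key(enc_png, other_png)

    return {
        "key_from_original_correct": key_from_original == secret,
        "original_fits_whole_file": key_fits(key_from_original, enc_png, victim_png),
        "key_from_unrelated_correct": key_from_unrelated == secret,
        "unrelated_fits_whole_file": key_fits(key_from_unrelated, enc_png, other_png),
        "decrypted_doc_matches": xor_repeating(enc_doc, key_from_unrelated) == victim_doc,
        "decrypted_png_has_prefix": xor_repeating(enc_png, key_from_unrelated).startswith(PNG_KNOWN_PREFIX),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-28s %s" % (name, ok))
```

The second case shows the caveat a practitioner should expect when using an unrelated PNG: a whole-file comparison against that PNG fails (its dimensions and pixels differ), so the sanity check has to be made on the fixed header instead, and a decryptor that verified keys by full-file comparison would wrongly reject a correct key. The toy recovers the key instantly; the real tool's lengthy run time comes from whatever DecryptorMax actually does, which this stand-in does not model.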




Did you get hit with a ransomware again, knowledge? Is that you just posting an image from online from someone else getting hit with a ransomware? I hope you didn't get hit again. I have never heard of this ransomware malware before; it's good the security researcher from Emsisoft made a tool to decrypt encrypted files.



knowledge-Spammer

Did you get hit with a ransomware again, knowledge? Is that you just posting an image from online from someone else getting hit with a ransomware? I hope you didn't get hit again. I have never heard of this ransomware malware before; it's good the security researcher from Emsisoft made a tool to decrypt encrypted files.

I was doing tests.

Someone asked me if this program is real or fake, so I posted the image.

Can't think of the user's name, but I think he's a user from http://www.bleepingcomputer.com/forums/t/596691/decryptormax-or-cryptinfinite-ransomware-crinf-extension-support-topic/

I never get ransomware any more on my PC. I stopped some testing that had given me ransomware before; I learned not to play with ransomware any more. But sometimes I have some friends who are not so smart on PCs, so I try and help remove viruses and ransomware for them on TeamViewer. Sometimes people have tricked me on TeamViewer just to try and give me a virus, so now my security is 100% and I never get a virus when trying to help people.



I used VMs to test malware till the authors started coding their software to detect if it was running on a VM, and then it would stop running and delete itself without leaving a trace. So I set aside one desktop and one laptop to test malware on. I just image a bunch of drives and after every test change the drives via a front panel cassette or using spare laptop drives that have attached mounts. When I get enough used drives I wipe them completely and reimage them. It is the only safe way to test this crap.



Archived

This topic is now archived and is closed to further replies.
