Rubber Boats

Help with DecryptorMax Ransomware and the .crinf extension
« on: November 19, 2015, 06:24:21 pm »
At my dealership, the Vice President got this DecryptorMax ransomware.  I have cleaned the computer, removed the important files, and installed a fresh copy of Windows 8.1.  I have secured her computer down to help prevent these types of attacks in the future and will be educating her as much as I can. 

With that said, I am still tasked with trying to get her files decrypted.  Among the files, she has her newborn baby photos from the last couple months and they are the only copy.  While we do have an excellent backup here at the shop with a RAID 1 and Cloud Backup with Versioning, her backup program hadn't been running and she kept forgetting to bring me her computer to fix this.  So, these files are very important, both baby photos and important business documents.

Thanks to Sensors Tech, they posted a new article about this specific ransomware today.  But, it looks like the only way currently to decrypt these files is to use Python/Linux.  While I have some Linux experience, I don't have Python experience.  I tried the AEP Pro program, but the program informed me I'd need the password/key.  Kaspersky has yet to come out with a tool to decrypt .crinf extensions.  Removing the extension did not help either.

I may try the Linux option in the near future, but am curious if anyone else has had any luck decrypting this bastard encryption.

never

  • Network Administrator and Malware Researcher
Re: Help with DecryptorMax Ransomware and the .crinf extension
« Reply #1 on: November 20, 2015, 03:54:26 pm »
Hello, Rubber

I am Never and I will be helping you.
Fortunately for you, security experts have managed to make a tool to help you decrypt files encrypted by this scary ransomware variant.

You can download the decrypter for CryptInfinite (also known as DecryptorMax) by clicking on the link below:

http://emsi.at/DecryptCryptInfinite

Try decrypting your data with this software and make sure that you set your computer's power settings to not shut it down automatically. In case you don't know how to do it, make sure to follow this tutorial:

''Step 1: Click on the battery icon in your system tray (next to the digital clock) in Windows and then click on More Power Options.
Step 2: The mighty Power options menu will appear. In your power plan click on Change Plan Settings.
Step 3: In your plan's settings make sure you set "Turn off the display" and "Put computer to sleep" to "Never" from the drop-down minutes menu.
Step 4: Click on Save Changes and close it.
Now, you should leave your PC to work it out. Bear in mind that the process may take a lot of time so arm yourself with patience and hope that the algorithm is decryptable.''


Good Luck!
« Last Edit: November 20, 2015, 03:56:12 pm by never »

Rubber Boats

Re: Help with DecryptorMax Ransomware and the .crinf extension
« Reply #2 on: November 20, 2015, 09:50:36 pm »
Hi Never,

Thank you for the help.  I have tried letting the program decrypt a .png file.  The first run, it came back without a key and was unable to decrypt.  I am trying another .png file just in case.  So far, no go.

Update: Made another attempt.  This tool is not working with the .crinf files from this laptop.
« Last Edit: November 21, 2015, 01:55:53 am by Rubber Boats »

never

Re: Help with DecryptorMax Ransomware and the .crinf extension
« Reply #3 on: November 23, 2015, 10:02:35 am »
Dear Rubber Boats,

I have received reports from users who kept trying with different files, and once they decrypted one .crinf file, they managed to decrypt most of their data with it.