The keys may have been released by a CrySiS developer.
The keys may have been released by a CrySiS developer.

The decryptor keys for the CrySiS ransomware were posted in a Bleeping Computer forum early on November 14 and Kaspersky Labs has reportedly added them to its RakhniDecryptor program

Bleeping Computer forum member crss7777, who is otherwise unnamed, posted a Pastebin link to a C header file containing the master decryption keys and instructions on their use, wrote Bleeping Computer founder Lawrence Abrams. In response, Kaspersky Labs is enabling victims to release their files using the company's RakhniDecryptor program.

The exact reason behind this disclosure is unknown, but one theory is the increasing pressure by law enforcement on finding ransomware developers.

“Though the identity of crss7777 is not currently known, the intimate knowledge they have regarding the structure of the master decryption keys and the fact that they released the keys as a C header file indicates that they may be one of the developers of the CrySiS ransomware,” Abrams said.