The master decryption keys for Wallet ransomware, part of the Crysis family, were posted on the security blog BleepingComputer forum by a member last week.
Security researchers confirm the keys were valid and created a free decryptor for victims. Users have confirmed the decryptor effectively works to reestablish access to files previously locked by the ransomware strain.
To use the keys to release files locked by Wallet, users must first download the Crysis decryptor from Avast.
Crysis is one of the largest most successful ransomware variants, and Wallet is widespread throughout the U.S. and Europe.
This is the third time keys have been released for Crysis. The first release was in November 2016 and the last was in March. Crysis recently began leveraging the .onion extension, which may have spurred the group to release keys to the outdated version.
It demonstrates a pattern for Crysis developers, Bleeping Computer Founder Lawrence Abrams said. However, it doesn’t explain the reason behind the release of the keys. It could be goodwill, as those who would’ve paid the ransom, would have done so directly after an attack.
“Hopefully this behavior will be emulated by other ransomware developers who may be willing to release keys for older versions that they will no longer generate revenue from,” Abrams said.