Since the beginning, CryptXXX, or now UltraCrypter, has had significant issues with the ransomware and payment system.  The first two versions had flaws in their encryption algorithm that allowed Kaspersky to release free decryptors for victims.  Once they fixed those flaws, they started distributing broken decryptors to victims who paid the ransom. Their latest issue is that the UltraDeCrypter payment system is not recognizing ransom payments and victim's are unable to download the decryptor.

UltraDeCrypter Payment Site is not recognizing Payments

Paying a ransom should always be a last resort, but at the same time, I do understand that sometimes people or businesses do not have a choice. With that said, the UltraDeCrypter payment system seems to be broken as victim's are reporting that they make a payment, the payment is recognized, but it still does not provide the decryptor.

To add insult to injury, since the payment system is not recognizing that a payment has been made, the timer runs down and the ransom amount doubles. An example of this is shown below where a victim made the payment during the initial 1.2 bitcoin ransom amount window.  When they made the payment, it showed up as completed, but then the ransom amount was doubled to 2.4 bitcoins.

Payment Not Accepted
Payment Not Accepted

Due to these issues, if you have no choice and were planning on making a ransom payment, it is strongly advised not to pay the ransom for CryptXXX / UltraCrypter until these issues are resolved.

CryptXXX Gang launch Help Desk System on Payment Site

Probably because this group continues to have problems with their system, they have added a Helpdesk tab to the UltraDeCrypter payment site . This tab contains a form that a victim can use to contact the payment server operators in the event of a problem.

Help Desk on Payment Site
Help Desk on Payment Site

For those who have paid the ransom, but the payment system is not providing the decryptor, I strongly suggest you contact the developers via this form.  

If you do contact them regarding this issue, please let us know how it works out by commenting in this post.

Related Articles:

CryptON Ransomware Installed Using Hacked Remote Desktop Services

The Week in Ransomware - May 18th 2018 - Mostly Small Variants

New Bip Dharma Ransomware Variant Released

Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time!

The Week in Ransomware - May 11th 2018 - GandCrab, SynAck, and More