
CryptXXX Ransomware Strand Steals Bitcoins, Passwords and Encrypts Files

Posted: April 20, 2016

While ransomware threats remain among the most aggressive types of malware currently around, the evolution of such threats is adding a plethora of capabilities to their attack methods. As such, a new strand of ransomware, CryptXXX, appeared last month and is being actively distributed through the Angler exploit kit.

CryptXXX ransomware threats have several capabilities beyond the traditional action of encrypting files on an infected computer. CryptXXX threats can download malware, steal Bitcoins, pilfer password data, and take personal details. Much like traditional ransomware threats that encrypt files, CryptXXX displays a ransom notification, saved as de_crypt_readme.txt and de_crypt_readme.html. So far, CryptXXX is the only ransomware threat to use these specific names, and it asks that the ransom be paid in the amount of 1.2 Bitcoin, which equates to about $515 USD.

The ability to harvest data is a feature that we have yet to see in a ransomware threat. CryptXXX appears able to collect data from an infected computer through a built-in infostealer component. The data CryptXXX seeks out is usually login credentials, email information, FTP client data, and Internet browser types and versions. The Bitcoin theft capability of CryptXXX was discovered by Proofpoint, which has yet to explain in detail how CryptXXX ransomware threats carry it out.

Researchers from Proofpoint have revealed similarities between CryptXXX ransomware threats and Reveton ransomware, a threat that came onto the scene nearly four years ago and had the basic function of displaying a ransom note, but only locked up an infected system instead of encrypting its files. Based on these similarities, researchers have speculated that CryptXXX comes from the same group of attackers that utilize the Angler Exploit Kit to actively spread recent ransomware threats, such as CryptoWall and Reveton. What we know about CryptoWall ransomware is that it was one of the original types of crypto-ransomware to come onto the scene about two years ago, beside other notable crypto-ransomware threats such as CryptoLocker and CryptoWall.

The distribution channels of ransomware appear to be the major evolving aspect of recent ransomware threats. Initially, ransomware was primarily spread through spam email as attachments. Based on recent discoveries, researchers have concluded that large-scale malware distribution will be the major focus for future ransomware. Additionally, Proofpoint is confident that CryptXXX will become widespread in the near future.

Apparently, more cybercrooks and hackers, both experienced and inexperienced, have joined the efforts to spread ransomware threats. With that in mind, ransomware has become the malware of choice to garner a nice payday for attackers. The CryptXXX ransomware threats are only another step for hackers and cybercrooks in what appears to be a proliferation of ransomware that may become out of control in the months to come.
