A new ransomware can not only encrypt a victim’s data, it can also steal Bitcoin from infected targets, along with passwords and other personal details, researchers said.
The first signs of the ransomware called CryptXXX appeared at the end of March, said researchers at Proofpoint. The ransomware ends up distributed via Web pages that host the Angler exploit kit.
This kit uses vulnerabilities to push the Bedep click-fraud malware on victim’s systems. Bedep also has “malware downloading” capabilities, so it will download the CryptXXX ransomware as a second-stage infection, dropping it as a delayed execution DLL.
After infecting users, the ransomware changes the users’ wallpaper with its ransom note and drops text and HTML ransom notes all over the computer.
You can spot CryptXXX infections by the ransom notes, which are named de_crypt_readme.txt and de_crypt_readme.html, or by the extension they add to all encrypted files, which is .crypt.