A new ransomware can not only encrypt a victim’s data but also steal Bitcoin from infected targets, along with passwords and other personal details, researchers said.

The first signs of the ransomware, called CryptXXX, appeared at the end of March, said researchers at Proofpoint. The ransomware is distributed via Web pages that host the Angler exploit kit.

This kit uses vulnerabilities to push the Bedep click-fraud malware onto victims’ systems. Bedep also has “malware downloading” capabilities, so it downloads the CryptXXX ransomware as a second-stage infection, dropping it as a delayed-execution DLL.

After infecting a system, the ransomware replaces the user’s wallpaper with its ransom note and drops text and HTML ransom notes all over the computer.

You can spot CryptXXX infections by the ransom notes, which are named de_crypt_readme.txt and de_crypt_readme.html, or by the extension the ransomware adds to all encrypted files, which is .crypt.
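
The file-system indicators above can be checked with a short triage script. This is an added example, not code from the article or from Proofpoint; the `verdict` rule, the function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Indicators named in the article
RANSOM_NOTES = {"de_crypt_readme.txt", "de_crypt_readme.html"}
ENCRYPTED_EXT = ".crypt"

def scan_tree(root):
    """Walk root; return paths of ransom notes and .crypt files found."""
    findings = {"notes": [], "encrypted": [], "unreadable": []}
    def on_error(err):
        # Record directories we could not list instead of silently skipping them
        findings["unreadable"].append(err.filename)
    for dirpath, _dirs, filenames in os.walk(root, onerror=on_error):
        for name in filenames:
            lower = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower in RANSOM_NOTES:
                findings["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                findings["encrypted"].append(path)
    return findings

def verdict(findings):
    """Triage rule assumed for this example, not taken from the article."""
    if findings["notes"] and findings["encrypted"]:
        return "likely"       # both indicators present
    if findings["notes"] or findings["encrypted"]:
        return "suspicious"   # one indicator alone; needs a closer look
    return "clean"

def build_sample_tree(root):
    """Create a constructed directory tree with empty placeholder files."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("de_crypt_readme.txt", "de_crypt_readme.html",
                 "budget.xlsx.crypt", "photo.jpg.crypt", "notes.txt"):
        open(os.path.join(docs, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(verdict(result))
        for path in result["notes"] + result["encrypted"]:
            print(path)
```

The `unreadable` list matters during triage: a directory the scanner could not list has not been cleared, so it should be rechecked with sufficient privileges.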
