Petronella Blog Archive


New Ransomware Also Steals Bitcoins


The cybergang behind the Reveton malware, chief rival to the group behind Locky, has decided to get into the ransomware business with a hybrid version of its own.

Going by the name CryptXXX, this new malware encrypts all files stored locally and on any mounted drives, then demands $500 in Bitcoin. What sets this ransomware apart from others is that while it holds the user's files hostage, it is also stealing data, along with whatever bitcoins it can find.

CryptXXX spreads via the Angler Exploit Kit, which infects machines with the Bedep Trojan. Bedep has been known to install data-stealing malware, including the Pony password stealer back in 2014 and 2015. CryptXXX is no different in that regard, but adds professional-level encryption in the process.

The criminals behind CryptXXX are not new to the malware game and have taken steps to keep it undetected, including random delayed execution, anti-analysis functions, and monitoring for mouse events. The Reveton gang has had plenty of success in the past with disseminating malware, and CryptXXX will in all likelihood be no different.

The best way to prepare for a ransomware attack is to develop robust backup and data recovery policies, with those backups stored offline. Make sure all users can recognize social engineering attacks and phishing emails. It is also a good idea for everyone to run the latest version of their operating system and to keep their anti-malware software up to date. Permanently disable Flash on all computers and install ad blockers. Don't download anything from an email address you don't recognize, and be wary of unexpected emails from well-known brands with attachments.
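Because CryptXXX rewrites every file it can reach on local and mounted drives, one cheap detection control that complements the backup advice above is a set of decoy "canary" files that no legitimate process should ever touch: if their contents change or they disappear, something is mass-modifying files and the host should be isolated while backups are still intact. The script below is an added example written for this post, not code from the original article or from any vendor; the canary file names and the temporary-directory scenario are constructed for illustration.

```python
"""Canary-file integrity check as a bulk-encryption detection heuristic.

Added example, not part of the original post. Assumes you plant a few decoy
files (names constructed here) in user-visible locations and re-run
check_canaries() on a schedule; any modification or deletion is an alert.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed decoy names chosen to sort first and last in a directory listing,
# so a process that walks the tree alphabetically hits one of them early.
CANARY_NAMES = ("aaa_canary.docx", "zzz_canary.xlsx")


def file_digest(path: Path) -> str:
    """Return the SHA-256 hex digest of a file's contents."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canaries(root: Path) -> dict:
    """Create the canary files under root and record a baseline digest for each."""
    baseline = {}
    for name in CANARY_NAMES:
        p = root / name
        # Random tail so every deployment has unique canary contents.
        p.write_bytes(b"CANARY-" + name.encode() + b"\n" + os.urandom(32))
        baseline[str(p)] = file_digest(p)
    return baseline


def check_canaries(baseline: dict) -> list:
    """Compare the current state against the baseline.

    Returns a list of (path, reason) tuples for every canary that is missing
    or whose contents no longer match; an empty list means all canaries are intact.
    """
    alerts = []
    for path_str, expected in baseline.items():
        p = Path(path_str)
        if not p.exists():
            alerts.append((path_str, "missing"))
        elif file_digest(p) != expected:
            alerts.append((path_str, "content changed"))
    return alerts


def demo() -> tuple:
    """Self-contained scenario in a temporary directory.

    Plants the canaries, checks them (clean), then overwrites one and deletes
    the other to stand in for a process rewriting files wholesale, and checks
    again. Returns (alerts_before, alerts_after).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = plant_canaries(root)
        before = check_canaries(baseline)
        # Constructed disturbance: random bytes replace one file, the other is removed.
        (root / CANARY_NAMES[0]).write_bytes(os.urandom(64))
        (root / CANARY_NAMES[1]).unlink()
        after = check_canaries(baseline)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```

In practice the baseline would be stored somewhere the monitored host cannot modify (for example on the same offline media as the backups), and a non-empty result from check_canaries() should trigger network isolation of the host rather than just a log line, since the value of the signal is in catching the encryption run while it is still in progress.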