A recently released report has confirmed that the hackers behind the CryptXXX ransomware have received $60,478 worth of bitcoin in ransom payments since June 4.
The newer version of CryptXXX has been making the rounds since late May 2016. The criminals behind the ransomware have, as expected, patched various vulnerabilities that existed in the previous versions to release version 3.0 of the malware. These upgrades to the code have made CryptXXX immune to Kaspersky’s RannohDecryptor, which the Moscow-based software security group had made available for free.
CryptXXX 3.0 Decryptor Error
In this month alone, CryptXXX has affected at least 70 computers whose victims paid the ransom to the cyber-criminals to get their files decrypted. When the malware developers launched CryptXXX 3.0 to prevent Kaspersky’s software from decrypting the encrypted files, they also ended up breaking their own decryption software. A few victims who paid the ransom apparently received decryption software that didn’t work. However, the malware developers soon fixed the issue by releasing a newer version of the decryptor.
TeslaCrypt Strikes Again
Many leading cyber security companies have been actively tracking the evolution of ransomware. A variant of TeslaCrypt recently affected the systems of one of the leading NASCAR teams, Circle Sport-Leavine Family Racing, forcing the team to pay the ransom amount. With the TeslaCrypt master decryption key already out in public, it is unclear whether the ransomware that affected the NASCAR team was some evolved form of TeslaCrypt or the team just didn’t explore that option before paying the ransom.
And Then There is Bart
Ransomware has become a lucrative business for malware developers, as it is a source of easy money. New versions pop up on a regular basis. The latest one, Bart, developed by the creators of the Locky ransomware and Dridex, is now affecting unsuspecting users, holding them for a ransom of 3 bitcoins, which is close to $2000, the highest ransom demanded by ransomware so far. Unlike other malware, Bart is said to be capable of encrypting files even before the software connects with the command and control server hosted by the malware developers. Bart is propagated through emails in the form of a zip archive containing malicious JavaScript code. The ransomware is available in multiple languages and, upon dissection, it was found that the malware shares a few similarities with Locky.
While we can’t do much about the number of ransomware strains currently out on the internet, people can protect themselves by avoiding emails and attachments sent from unknown email IDs, no matter how tempting the subject line is.
Ref: CSO | Bleeping Computer | InfoSecurity | Image: NewsBTC
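For mail filtering, the delivery method described above (a zip attachment carrying a script) can be checked before a message reaches the inbox. The following is an added example, not code from the article or its sources; the function names and the extension list are assumptions, and the list goes beyond the `.js` case the article mentions to cover other script types Windows launches on double-click.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs as scripts on double-click (assumed policy list;
# the article itself only mentions JavaScript inside a zip).
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta")

def script_members(raw_email: bytes):
    """Return (attachment_name, member_name) for each script file found
    inside a zip attachment of the given RFC 5322 message."""
    hits = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        buf = io.BytesIO(payload)
        # Trust the content, not the declared filename or MIME type.
        if not zipfile.is_zipfile(buf):
            continue
        try:
            with zipfile.ZipFile(buf) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            hits.append((part.get_filename(), "<unreadable zip>"))
            continue
        for name in names:
            # The last extension decides what runs: "scan.pdf.js" is a script.
            if name.lower().endswith(SCRIPT_EXTS):
                hits.append((part.get_filename(), name))
    return hits

def build_sample() -> bytes:
    """Constructed test message: a zip holding one harmless .js and one .txt."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("photo.jpg.js", "// constructed placeholder, no payload\n")
        zf.writestr("readme.txt", "hello")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    # Deliberately generic MIME type to show the content-based zip check.
    msg.add_attachment(zbuf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="photos.zip")
    return msg.as_bytes()
```

Calling `script_members(build_sample())` flags the double-extension member; a gateway would quarantine any message for which the list is non-empty.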