Bitcoin ransomware is one of the biggest threats individuals and enterprises are facing today. CryptXXX has the potential to become one of the most dangerous versions of this malware to date.
Reveton Developers Return with CryptXXX
Bitcoin users who have been keeping an eye on the history of crypto-ransomware will remember the name Reveton, which was one of the very first types of this malware to infect a large number of victims. The primary purpose of ransomware is to infect a computer – or network – and encrypt all of the data it can find.
Not only does this prevent users from accessing their files, but most types of crypto-ransomware also prevent recovering the data from a previous backup. By deleting the volume shadow copies, restoring files from those local snapshots becomes impossible, leaving users with very few options. In the end, most of them either pay the Bitcoin ransom or format their hard drive and accept the loss of their files.
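Because the shadow-copy deletion described above is what turns a recoverable incident into a ransom decision, it is one of the most valuable things to alert on. The following is an added example, not code from the article or from Proofpoint's analysis: a small detector that scans process-creation events (assumed to carry Sysmon-style `image` and `cmdline` fields) for the well-known shadow-copy deletion command lines and reports the hosts involved. The events are constructed for illustration, not telemetry from a real CryptXXX infection.

```python
import re

# Constructed sample process-creation events (Sysmon-style field names are
# an assumption); these are not real logs from a CryptXXX infection.
SAMPLE_EVENTS = [
    {"ts": "2016-04-20T10:01:12Z", "host": "ws-17",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"ts": "2016-04-20T10:03:44Z", "host": "ws-17",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"ts": "2016-04-20T10:03:45Z", "host": "ws-17",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"ts": "2016-04-20T10:05:00Z", "host": "ws-02",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},  # benign admin query
]

# Detection rules: name plus a case-insensitive pattern over the command line.
# Only destructive shadow-copy operations are matched; listing shadows is not.
RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
]


def match_event(event):
    """Return the names of all rules whose pattern matches this event."""
    cmdline = event.get("cmdline", "")
    return [name for name, pattern in RULES if pattern.search(cmdline)]


def detect(events):
    """Scan a list of events and return one alert dict per rule hit."""
    alerts = []
    for event in events:
        for rule in match_event(event):
            alerts.append({
                "ts": event["ts"],
                "host": event["host"],
                "rule": rule,
                "cmdline": event["cmdline"],
            })
    return alerts


def hosts_flagged(events):
    """Set of hosts on which at least one shadow-copy deletion was seen."""
    return {alert["host"] for alert in detect(events)}


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['ts']} {alert['host']} {alert['rule']}: {alert['cmdline']}")
    print("hosts to isolate and restore from offline backup:",
          sorted(hosts_flagged(SAMPLE_EVENTS)))
```

The rules are deliberately narrow so a routine `vssadmin list shadows` does not page anyone; in a production pipeline the same matching would run on the EDR or SIEM feed, and a hit should trigger host isolation before the encryption pass finishes, since the deletion typically precedes it.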
But crypto ransomware developers are stepping up their game as of late, and CryptXXX is the most recent strain of this malware to make the rounds. What makes this software even more of a threat is how it is designed by the team behind Reveton, one of the first types of crypto-ransomware to affect thousands of computers all over the world.
CryptXXX was discovered a few weeks ago and is spread through the Angler Exploit Kit. Using exploit kits to spread ransomware has become the new norm, as these “sets of tools” probe for various weaknesses in computer and software security. Although the recent Adobe Flash vulnerability has been patched, millions of servers connected to other systems remain at risk of infecting computers with crypto-ransomware.
Similar to most other types of crypto-ransomware, CryptXXX is charging a specific fee to remove the file encryption. According to the information provided by Proofpoint, that fee is currently sitting at $500 USD in bitcoin, which is a rather steep price. If this payment is not made within the allotted period, the amount which needs to be paid will double.
Once the user has made the payment, they will be redirected to a page where they can download the decryption software. Installing this program and letting it scan the hard drive will result in the decryption key being provided on the page. Entering this key and hitting the “Decrypt” button should do the trick.
Bitcoins are Being Stolen Too
To make the CryptXXX crypto ransomware threat even more disconcerting, it appears as if this malware is also stealing Bitcoin wallet.dat files. For those cryptocurrency enthusiasts who have not yet done so, using an offline or mobile wallet might be worth looking into.
Spreading the CryptXXX crypto ransomware through the Angler exploit kit is a grave concern for computer users all over the world. The Angler exploit kit is the most popular one on the underground markets, which puts this new malware at the disposal of experienced internet criminals. It is hard to judge what type of impact this will have on computer users around the world, though.
What are your thoughts on CryptXXX and the destruction it can cause? Let us know in the comments below!
Images courtesy of Shutterstock, Proofpoint