As if the threat of ransomware were not growing fast enough, we now have another peril to consider: the ransomware hybrid CryptXXX. According to KnowBe4, Reveton, the cyber gang competitor to Locky, is behind the new danger to our systems.
Discovered by researchers at Proofpoint earlier this month, CryptXXX spreads to your system via the Angler Exploit Kit, and the machine is infected with Bedep Trojans, allowing hackers access to the machine to add the new .crypt encryption. From there, the system is vulnerable to multiple threats, including:
- A demand for an estimated $500 in Bitcoins to unlock files
- The loss of large amounts of data stored on the system
- The theft of any Bitcoins previously reserved for use
Additionally, CryptXXX executes in a specific way to confuse victims at the time the ransomware is contracted. KnowBe4 reported that the criminals attempt to avoid detection of the ransomware through a random delay, encrypting the files a short time after the PC is infected.
So, what can we do to prevent this, or at the very least, protect our systems? Earlier this week, we posted a four-step blog post on protecting our systems: educating ourselves on the threat, backing up system data, using advanced endpoint whitelisting technology, and updating applications and the operating system. However, if steps are not taken to avoid this ransomware, we often end up in a situation where it may be better to consider paying the thief the ransom to retrieve the files.
Luckily, a decryptor was created to crack down on the problem. However, for the decryptor to work, you must have at least one original file backed up. In response, take the needed steps to protect your system in the case of an attack. If at any point you find your system subject to the hybrid or any ransomware, contact your anti-virus service provider to report the activity and infection.