

CryptXXX Ransomware’s Current Version Stops Free Decryption Tools’ Usage

Security researchers have found a new version of CryptXXX, a familiar ransomware. The sample contains certain new capabilities, especially one that prevents free decryption tools from being used.

While the CryptXXX family of ransomware may not be as familiar as the CryptoLocker or TeslaCrypt strains, it has still had some success. The latest strain, which SentinelOne researchers found, has by now yielded over $50,000 to attackers and has fixed a glitch in its encryption system that let third-party decryption tools run effectively on infected systems.

People across the globe first encountered CryptXXX in mid-April 2016; nevertheless, just one week later, Kaspersky managed to develop a decrypter for the malware's first edition, with which end-users could retrieve locked files without paying a ransom.

Cyber-criminals responded by updating their ransomware; however, Kaspersky researchers likewise kept updating the decryption tool they had created. But the CryptXXX version just found has reached the latest stage of this cat-and-mouse game by breaking the latest version of the decrypter again, preventing decryption tools from unlocking files that CryptXXX has encrypted. Softpedia.com posted this on June 28, 2016.

The latest CryptXXX has succeeded because, for one, the ransomware's operators carried out the encryption process correctly, so that end-users find it very hard to decrypt files without help. Earlier CryptXXX editions locked people's files with the extension .crypt or .crypz, but the latest version gives encrypted files the extension .crypt1. According to Fenton, the CryptXXX attackers who used the .crypt/.crypz extensions were relying on a faulty implementation of file encryption, which let files be unlocked without any ransom payment. With .crypt1, that is no longer the case.

Besides, the ransomware deletes shadow volume copies from victims' computers, preventing any restoration of files from those backups.

Fenton conjectures that the most recent CryptXXX is being spread through spam, based on the domain and metadata details of the samples gathered. Strangely, in the most recent attack, a few of the domain names relate to investments and finance, while the rest deal with anti-spam.

» SPAMfighter News - 7/1/2016
