CryptXXX Adapts Again to Outwit Decryptors

  • 3 June 2016

Userlevel 7
See also, for the previous attempt to stay ahead of the good guys: CryptXXX updated to version 3.0, Decryptors no longer Work
 
3 Jun 2016 By Phil Muncaster
 
Notorious ransomware family CryptXXX has morphed yet again to defeat decryption tools with a newly discovered variant: version 3.100, according to Proofpoint.
 
The security vendor claimed in a new blog post that CryptXXX 3.100 features new Server Message Block (SMB) functionality to scan for shared Windows drives on the corporate network before encrypting them one by one.
This renders the current CryptXXX decryption tool from Kaspersky Lab useless, and organizations should not count on another one being made available any time soon, Proofpoint argued.
 
Full Article

4 replies

Userlevel 7
This is an ongoing battle with these scumbags; the good guys must continue to stay ahead of the game.
Userlevel 7
Another case of journalistic 'obviousness'...of course the miscreants are going to beef up their crapware when they hear that it can be circumvented...which is why all these announcements that so and so ransomware can be decrypted, etc., are really counterproductive. Would be far better to keep schtum about it so that they had more trouble finding out that their efforts were in vain.
Userlevel 7
By Tom Spring June 9, 2016
 
Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center.
 
“This is not the first time we’ve seen campaigns associated with ransomware switch between Angler EK and Neutrino EK,” wrote Brad Duncan, handler at SANS Internet Storm Center. But he said the switch was noteworthy because SANS had not yet seen CryptXXX distributed by Neutrino.
 
Full Article
Userlevel 7
Well, I suppose that even ransomware must get tired of riding in the same 'car'...but seriously...regardless of the transportation mechanism if the basic steps are followed then one is somewhat safer.
