New CryptXXX Ransomware Locks Your Files, Steals Bitcoin and Local Passwords

  • 19 April 2016
  • 9 replies

Userlevel 7

New ransomware gets infostealer component

 
Apr 19, 2016 09:25 GMT  ·  By Catalin Cimpanu
 CryptXXX is a new ransomware variant discovered during the past weeks, which, besides encrypting the user's data, is also capable of stealing Bitcoin from infected targets, along with passwords and other personal details, security researchers from Proofpoint have found.
 
The first signs of the CryptXXX ransomware appeared towards the end of March. Security experts say the ransomware is distributed via Web pages that host the Angler exploit kit. This crimeware kit uses vulnerabilities to push the Bedep click-fraud malware on the users' systems.
 
Bedep is also known for having "malware downloading" capabilities, so it will download the CryptXXX ransomware as a second-stage infection, dropping it as a delayed execution DLL, set to wait 62 minutes before launching.
 
                      http://i1-news.softpedia-static.com/images/news2/new-cryptxxx-ransomware-locks-your-files-steals-bitcoin-and-local-passwords-503149-3.png
CryptXXX ransom note added as a wallpaper.
 Full Article


Userlevel 7
It seems ransomware gets nastier and nastier every day, and it's a constant battle to overcome this exploit.
Userlevel 7
Another nasty ransomware and it's never ending...
 
 
Userlevel 7
And so it goes on...and will do until the miscreants are either tired of using ransomware or they come up with something either equally or more devilish.
Userlevel 7
April 27, 2016  By Pierluigi Paganini
 

Security experts at Kaspersky have found a way to decrypt files locked by the CryptXXX ransomware by using the RannohDecryptor utility.

 
Good news for the victims of ransomware: the security experts at Kaspersky Lab have successfully cracked the CryptXXX ransomware.
 
Now experts at Kaspersky cracked the CryptXXX ransomware and released the RannohDecryptor utility, which was initially designed to recover files encrypted by the Rannoh ransomware.

Victims of the CryptXXX ransomware have to use it by providing an original (not encrypted) version of at least one file present on the infected machine.
 
Full Article
Userlevel 7
That's good news for the good guys, as this is a constant battle on ransomware.
Userlevel 7
Good news...yes, a little bit but given the amount and number of different types of ransomware out there it is just a small **bleep** in their nefarious armour...:(
Userlevel 7
This is really good... but it only puts a damper on things, but it's better than nothing. Like we always say, ransomware is out full force nowadays! :(
Userlevel 4
Yes, this is what I discovered about Kaspersky: they have a ransomware utility. Can Webroot do the same and decrypt CryptXXX? Does anyone know?
 
Thanks
 
PopCorn
Userlevel 7
@ wrote:
Yes, this is what I discovered about Kaspersky: they have a ransomware utility. Can Webroot do the same and decrypt CryptXXX? Does anyone know?
 
Thanks
 
PopCorn
I would say yes in most cases and it can rollback like in this video: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 and they are always improving detections all the time! But it is always recommended to use a layered approach like what is in Baldrick's signature!
 


 
http://www.webroot.com/us/en/business/threat-intelligence
