New and improved CryptXXX ransomware nets $45,000 in 3 weeks
The latest ransomware variant comes with changes that prevent victims from restoring their data from backups.
A new strain of CryptXXX ransomware has been uncovered by security researchers, which indicates that the authors of the ransomware have improved on previous versions. The new version comes with fixes for flaws that previously allowed victims to use free decryption tools to decrypt their data, effectively ensuring that those affected now will have to pay up the ransom to get back lost data. The latest version has also successfully racked up 70 Bitcoins ($45,000) from 4 June - 21 June
According to security firm Sentinel One, this particular strain of CryptXXX ransomware has amassed over $50,000 worth of Bitcoins so far. "With this kind of success, it's likely we'll continue to see this family and other ransomware families continue to grow and evolve. Some factors which may contribute to this are the increasing reliance on computers to store and process valuable information and the increasing popularity of Bitcoin which is semi-anonymous, works globally, and is difficult to regulate because it's completely decentralized," said Sentinel One.
One of the major changes that security researchers noted on this variant of the CryptXXX ransomware was the incorporation of a new encryption feature. This encryption is believed to have been designed after researchers at Kaspersky Lab came up with a free decrypting tool, which was designed to help victims decrypt data without having to pay ransom to cybercriminals. The new variant does allow victims to decrypt a single file, but the size is restricted to 512KB.
The latest ransomware variant also comes with changes that prevent victims from restoring their data from backups by deleting all shadow volume copies. According to Sentinel One researchers, cybercriminals are using spam techniques to spread the new ransomware variant. However, it is likely that other distribution methods are also simultaneously being used to spread the ransomware to a wider target.
The regular flow of funds into and out of the address used by the authors of the ransomware indicates that the hackers may be using a Bitcoin tumbler in efforts to evade detection of the final destination of the ransom received. The constant improvements being made in ransomware attacks indicate how serious a threat this can be in the future. According to Kaspersky's ransomware research report, ransomware's reach and success has become so widespread that the firm classified it as an "epidemic".
© Copyright IBTimes 2024. All rights reserved.