About CryptXXX Ransomware

CryptXXX Ransomware belongs to the malignant ransomware family. This threat is spread via Angler Exploit Kit. Once inside, CryptXXX Ransomware encrypts several files saved on local and removable drives. The files have been encrypted by implementing RSA4096 which is an asymmetric encryption algorithm. This means that it generates a public key (used for encrypting) and other private key (used for decryption). To recover files, those affected users need a private key that is saved on remote servers that belongs to cyber crooks. To get the decryption key (with a private key integrated), affected users must apparently pay the ransom amount. Apart from that, CryptXXX Ransomware collects numerous types of confidential data including browsing details, cookies and many more things.


CryptXXX infection vector via Angler Exploit Kit

CryptXXX infection vector via Angler Exploit Kit

Source: https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100

CryptXXX Ransomware Vicious Activities

While encryption, CryptXXX Ransomware creates 3 files (de_crypt_readme.bmp, de_crypt_readme.html, de_crypt_readme.txt) and put all of them in each folder that contains encrypted files. In those files, it states that the victim must have to pay a ransom of 1.2 Bitcoins ($525.5). If the ransom amount is not paid within the prescribed time period(presently unknown), then the ransom will get doubled to 2.4 BTC. If the amount which is asked by cyber crooks is not paid within the additional period given, the private key will be deleted forever and then it will be impossible to decrypt the files. Although, Cyber crooks gives victims a chance to decrypt a file for free. Thus, cyber crooks apparently give assurances that encryption is possible. It is noteworthy that CryptXXX Ransomware virus adds .crypt, .cryp1, .crypz extensions to each encrypted file, so it is easy to see which files have been encrypted.

CryptXXX Ransom Page

CryptXXX Ransom Page

Cyber crooks often simulate different kind of authorities like the FBI, Homeland Security and many more. They blame and alleged users of having done several crimes on the internet (normally seeing illegal porn). To avoid a conviction, it urges victims to pay a fine (ransom amount). Fortunately, it is Possible to remove CryptXXX Ransomware by using a prominent and robust third party tool.

CryptXXX Wallpaper

CryptXXX Changes Wallpaper

Source: http://blog.trendmicro.com/trendlabs-security-intelligence/will-cryptxxx-replace-teslacrypt-ransomware-shakedown/

CryptXXX Ransomware Infiltration Method

There are lots of viruses that closely resembles to CryptXXX Ransomware such as Cerber, Locky, Jigsaw,TeslaCrypt. Almost all of them rely on asymmetric encryption hence it is virtually impossible to decrypt without involving cyber crooks. However, those using symmetric encryption (encryption and decryption keys are similar) often have security flaws. For example, the key is temporarily saved in the % TEMP% folder, hence it is fairly easy to decrypt. Note that the CryptXXX Ransomware virus spread most likely through fake software updates, emails containing malicious attachment files, spam messages, P2P networks (Torrent) or carried out by Trojans. It is therefore very important to pay attention when downloading files sent via apprehensive e-mails or third parties. In addition, all installed programs should be kept updated. For extra protection, you should always use an reliable antivirus.

Files Encrypted by CryptXXX Ransomware

Files Encrypted by CryptXXX Ransomware

Reference: https://threatpost.com/updated-cryptxxx-ransomware-big-money-potential/118464/

Leave a Reply

Your email address will not be published. Required fields are marked *