
New CryptXXX Ransomware Locks Your Files, Steals Bitcoin and Local Passwords


Jasper_The_Rasper
Moderator

New ransomware gets infostealer component

 
Apr 19, 2016 09:25 GMT  ·  By Catalin Cimpanu
 CryptXXX is a new ransomware variant discovered during the past weeks, which, besides encrypting the user's data, is also capable of stealing Bitcoin from infected targets, along with passwords and other personal details, security researchers from Proofpoint have found.
 
The first signs of the CryptXXX ransomware appeared towards the end of March. Security experts say the ransomware is distributed via Web pages that host the Angler exploit kit. This crimeware kit uses vulnerabilities to push the Bedep click-fraud malware on the users' systems.
 
Bedep is also known for having "malware downloading" capabilities, so it will download the CryptXXX ransomware as a second-stage infection, dropping it as a delayed execution DLL, set to wait 62 minutes before launching.
 
http://i1-news.softpedia-static.com/images/news2/new-cryptxxx-ransomware-locks-your-files-steals-bitcoin-and-local-passwords-503149-3.png
CryptXXX ransom note added as a wallpaper.
 Full Article

9 replies

It seems ransomware gets nastier and nastier every day and it's a constant battle to overcome this exploit.

Ssherjj
Moderator
  • Moderator
  • 21867 replies
  • April 19, 2016
Another nasty Ransomware and it's never ending...
 
 

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • April 19, 2016
And so it goes on...and will do until the miscreants are either tired of using ransomware or they come up with something either equally or more devilish.

Jasper_The_Rasper
Moderator
April 27, 2016  By Pierluigi Paganini
 

Security experts at Kaspersky have found a way to decrypt files locked by the CryptXXX ransomware by using the RannohDecryptor utility.

 
Good news for the victims of ransomware: the security experts at Kaspersky Lab have successfully cracked the CryptXXX ransomware.
 
Now experts at Kaspersky cracked the CryptXXX ransomware and released the RannohDecryptor utility, a tool that was initially designed to recover files encrypted by the Rannoh ransomware.

Victims of the CryptXXX ransomware have to use it by providing an original (not encrypted) version of at least one file present on the infected machine.
 
Full Article

That's good news for the good guys as this is a constant battle on ransomware.

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • April 27, 2016
Good news...yes, a little bit but given the amount and number of different types of ransomware out there it is just a small **bleep** in their nefarious armour...:(

Ssherjj
Moderator
  • Moderator
  • 21867 replies
  • April 27, 2016
This is really good..but it only puts a damper on things but it's better than nothing. Like we always say Ransomware is out full force nowadays! :(

  • Popular Voice
  • 65 replies
  • April 27, 2016
Yes, this is what I discovered about Kaspersky: they have a ransomware utility. Can Webroot do the same and decrypt CryptXXX? Does anyone know?
 
Thanks
 
PopCorn

RetiredTripleHelix
Gold VIP
@ wrote:
Yes, this is what I discovered about Kaspersky: they have a ransomware utility. Can Webroot do the same and decrypt CryptXXX? Does anyone know?
 
Thanks
 
PopCorn
I would say yes in most cases and it can rollback like in this video: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 and they are always improving detections all the time! But it is always recommended to use a layered approach like what is in Baldrick's signature!
 


 
http://www.webroot.com/us/en/business/threat-intelligence
