CryptXXX Variant Scores £26,000 In Ransomware Payments

Researchers have found a new version of the CryptXXX family of ransomware that they say has already netted payments of about £26,000 during a period of less than three weeks.

The new variant illustrates the growing problem posed by ransomware, which encrypts a system’s files and then demands payment to unlock them. The malware has attracted increasing attention from computer criminals in recent months due to a number of large payouts, according to researchers.

Impossible to decrypt

The latest version of CryptXXX fixes bugs that had previously allowed those affected by it to unlock their files for free using third-party tools, according to computer security firm SentinelOne.

The changes mean that it is now impossible to decrypt files without paying the ransom, the company said.

The firm found that the address associated with the latest CryptXXX variant had received 61 payments totalling 70 Bitcoin over a 17-day period ending last week. The firm calculated the value of the Bitcoins at about $35,000 (£26,000).

“With this kind of success, it’s likely we’ll continue to see this family and other ransomware families continue to grow and evolve,” SentinelOne said in an advisory.

Spam distribution

The ransomware, like other families, is spread mainly by junk email messages and its payload uses several different techniques to appear to be a legitimate Windows code library, SentinelOne said.

Once a system’s files are encrypted, the user is shown a note instructing them to go to a particular Tor web page, where there are instructions on how to purchase Bitcoins and use them to pay the ransom, the firm said.

The site also provides a test decryption service that works on files up to a limit of 512KB.

Researchers advise organisations to have strong, multi-tier security systems in place to prevent malicious attachments from reaching users.

Quiz: Have you been paying attention to security in 2016?