The changes already being made in the relatively new 7ev3n and CryptXXX ransomware families show that remaining on the cutting edge of product development is no easier for a criminal than it is for honest developers.
Whether it is making basic usability changes, as in 7ev3n's case, or the more technical improvement that was just spotted in CryptXXX, all ransomware users have to keep the malware viable by making changes.
"A developer's work is never done," Adam Kujawa, head of malware intelligence, told SCMagazine.com in an email.
The smaller-type “tweaks” being made to 7ev3n are the norm for what happens in the ransomware business, Kujawa said, adding that most of those specializing in this particular form of criminal activity tend to stick with and keep improving what works.
“Most of the time it's tweaking to boost performance, avoid detection or make it more efficient. The ransomware world as a whole doesn't really step too far outside of the norm, with the exception of a few game-changing families; for example, before Cryptolocker started encrypting everybody's files, families like Reveton just locked down the screen and pretended to be law enforcement,” Kujawa said.
However, simply updating what is already available is not the only path being taken. Bryan Burns, vice president of threat research for Proofpoint, pointed out that while making constant improvements to existing ransomware certainly takes place, others are out to add to the existing malware that is available.
“With ransomware, the technical barrier to entry is rather low, so we have seen new varieties crop up on a regular basis. There seems to be constant turnover, with old families of ransomware dropping off the map, only to be replaced by new ones. The overall trend is towards more, rather than fewer, varieties in circulation,” he told SCMagazine.com in an emai...
Full Article: Bad guys update 7ev3n and CryptXXX ransomware