Malware News CryptoMix variant named CryptoShield 1.0 Ransomware Distributed by Exploit Kits

Solarquest

A new CryptoMix, or CrypMix, variant called CryptoShield 1.0 Ransomware has been discovered by ProofPoint security researcher Kafeine being distributed via EITest and the RIG exploit kit.

As a note, in this article I will be calling this ransomware CryptoShield as that will most likely be how the victims refer to it. It is important to remember, though, that this ransomware is not a brand new infection, but rather a variant of the CryptoMix ransomware family.

How Victims Become Infected with CryptoShield 1.0
CryptoShield is being distributed through sites that have been hacked or compromised so that when a visitor goes to the site, they will encounter the EITest attack chain. EITest is a JavaScript attack code that is injected into sites so that it will be executed by visitors. In the attack chain noted by Kafeine, EITest will load the RIG exploit kit that will further download and install the CryptoShield ransomware on the visitor's computer.

This attack can be seen below where a visitor goes to the compromised site and encounters the EITest script. This script then launches code from another site that activates the exploit kit in order to install CryptoShield.

More in the link above.
 
