- Jul 22, 2014
- 2,525
A new CryptoMix, or CrypMix, variant called CryptoShield 1.0 Ransomware has been discovered by ProofPoint security researcher Kafeine being distributed via EITest and the RIG exploit kit.
As a note, in this article I will be calling this ransomware CryptoShield as that will most likely be how the victim's refer to it. It is important to remember, though, that this ransomware is not a brand new infection, but rather a variant of the CryptoMix ransomware family.
How Victim's Become Infected with CryptoShield 1.0
CryptoShield is being distributed through sites that have been hacked or compromised so that when a visitor goes to the site, they will encounter the EITest attack chain. EITest is a JavaScript attack code that is injected into sites so that it will be executed by visitors. In the attack chain noted by Kafeine, EITest will load the RIG exploit kit that will further download and install the CryptoShield ransomware on the visitors computer.
This attack can be seen below where a visitor goes to the compromised site and encounter the EITest script. This script then launches code from another site that activates the exploit kit in order to install CryptoShield.
More in the link above.
As a note, in this article I will be calling this ransomware CryptoShield as that will most likely be how the victim's refer to it. It is important to remember, though, that this ransomware is not a brand new infection, but rather a variant of the CryptoMix ransomware family.
How Victim's Become Infected with CryptoShield 1.0
CryptoShield is being distributed through sites that have been hacked or compromised so that when a visitor goes to the site, they will encounter the EITest attack chain. EITest is a JavaScript attack code that is injected into sites so that it will be executed by visitors. In the attack chain noted by Kafeine, EITest will load the RIG exploit kit that will further download and install the CryptoShield ransomware on the visitors computer.
This attack can be seen below where a visitor goes to the compromised site and encounter the EITest script. This script then launches code from another site that activates the exploit kit in order to install CryptoShield.
More in the link above.
