- Jan 24, 2011
- 9,378
CryptMix is a mashup of CryptXXX and CryptoWall
A new type of ransomware created and distributed by a group of crooks calling themselves the Charity Team is trying to encourage users to pay the ransom note by promising to give some of the money to a children's charity organization.
Researchers from Heimdal Security claim the ransomware first appeared last week, but MalwareHunterTeam has told Softpedia that samples of the same ransomware were seen starting more than a month ago.
Columbian security researcher Nyxbone took a closer look at the ransomware three days ago and said that this threat is a combination of other ransomware families, such as CryptoWall 3.0, CryptoWall 4.0 and the more recent CryptXXX. Hence, the researcher appropriately named the ransomware CryptMix.
CryptMix infections occur via drive-by downloads on malicious sites
Infection occurs via spam email, which contains links to malicious websites. Users who access these websites are targeted with exploit kits that leverage vulnerabilities in the users' browsers and their plugins to install CryptMix.
Once the ransomware reaches a victim's PC, it automatically starts the encryption process. The ransomware is unique because it searches and starts to encrypt a whopping 862 different file types. You can recognize CryptMix infections by the .code file extension that they add at the end of each encrypted file.
After the encryption process ends, the ransomware adds ransom notes on the infected PC. Nyxbone says CryptMix borrows the HTML ransom note from CryptXXX and the text-based ransom note from CryptoWall.
The ransom note tells the user their files were locked with an RSA-2048 algorithm, gives them an ID, and urges them to send an email to one of two email addresses (xoomx[@]dr.com and xoomx[@]usa.com) so that they recover their files.
The crooks answer the victim's email and provide them with a link and a password to the One Time Secret service, a website that lets users share password-protected messages.
Read more: New CryptMix Ransomware Promises to Give Money to a Children's Charity
A new type of ransomware created and distributed by a group of crooks calling themselves the Charity Team is trying to encourage users to pay the ransom note by promising to give some of the money to a children's charity organization.
Researchers from Heimdal Security claim the ransomware first appeared last week, but MalwareHunterTeam has told Softpedia that samples of the same ransomware were seen starting more than a month ago.
Columbian security researcher Nyxbone took a closer look at the ransomware three days ago and said that this threat is a combination of other ransomware families, such as CryptoWall 3.0, CryptoWall 4.0 and the more recent CryptXXX. Hence, the researcher appropriately named the ransomware CryptMix.
CryptMix infections occur via drive-by downloads on malicious sites
Infection occurs via spam email, which contains links to malicious websites. Users who access these websites are targeted with exploit kits that leverage vulnerabilities in the users' browsers and their plugins to install CryptMix.
Once the ransomware reaches a victim's PC, it automatically starts the encryption process. The ransomware is unique because it searches and starts to encrypt a whopping 862 different file types. You can recognize CryptMix infections by the .code file extension that they add at the end of each encrypted file.
After the encryption process ends, the ransomware adds ransom notes on the infected PC. Nyxbone says CryptMix borrows the HTML ransom note from CryptXXX and the text-based ransom note from CryptoWall.
The ransom note tells the user their files were locked with an RSA-2048 algorithm, gives them an ID, and urges them to send an email to one of two email addresses (xoomx[@]dr.com and xoomx[@]usa.com) so that they recover their files.
The crooks answer the victim's email and provide them with a link and a password to the One Time Secret service, a website that lets users share password-protected messages.
Read more: New CryptMix Ransomware Promises to Give Money to a Children's Charity
