No more get-out-of-jail-free card for CryptXXX ransomware victims

Jrs30

Level 11
Thread author
Verified
Honorary Member
Top Poster
Well-known
Feb 4, 2016
549
ransom-note700.jpg


For the past month, people infected with the CryptXXX ransomware had a way to recover their files without paying the hefty $500 fee to obtain the decryption key. On Tuesday, that reprieve came to an end.

Researchers from security firm Proofpoint said in a blog post that version 2.006 has found a way to bypass a decryption tool that has been freely available for weeks. The tool was provided by Kaspersky Lab and was the result of flaws in the way CryptXXX worked.

The crypto ransomware update effectively renders the Kaspersky tool useless, Proofpoint said. It did this with the use of zlib, a software library used for data compression. The new version also makes it harder to use the Kaspersky tool by locking the screen of an infected computer and making it unusable until the ransom is paid.

cryptxxx04.png


"With the introduction of version 2.006, CryptXXX authors have, for now, rendered the existing free decryption tool ineffective," Proofpoint researchers wrote. "While new decryption tools may emerge, CryptXXX's active development and rapid evolution suggest that this new ransomware will continue to compete strongly in malware ecosystems."

CryptXXX is largely being delivered through Angler, a notorious exploit kit that's used to deliver attacks over infected websites or though malicious ads. As always, people should protect themselves against the threat by installing security updates as soon as they're available and being highly suspicious of e-mail attachments, particularly if they involve Microsoft Office macros.
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
You are missing the most important; data backup and system recovery images. And instead of a Software Updater, just keep Windows Updates running and when prompted update all other software.

OS can be exploited if not updated correctly or frequently same with Chrome, Java, or Flash Player. Out of curiosity how do you make a system recovery image thats not 200+ gb?
 
  • Like
Reactions: Der.Reisende

Ink

Administrator
Verified
Jan 8, 2011
22,490
You create a recovery image of the OS, not the data. If you don't install a lot of software, the Program Files will be a lot smaller. And therefore quicker to backup and recover.

Software developers include their own updates and Chrome updates silently in the background unless the user tampers with the files.
 
  • Like
Reactions: Der.Reisende

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
You create a recovery image of the OS, not the data. If you don't install a lot of software, the Program Files will be a lot smaller. And therefore quicker to backup and recover.

Software developers include their own updates and Chrome updates silently in the background unless the user tampers with the files.

Kaspersky Software Updater tells me once in awhile there is a skype, java, flash, or browser update. I do have a OS recovery image then.
 
  • Like
Reactions: Der.Reisende

soccer97

Level 11
Verified
May 22, 2014
517
You create a recovery image of the OS, not the data. If you don't install a lot of software, the Program Files will be a lot smaller. And therefore quicker to backup and recover.

Software developers include their own updates and Chrome updates silently in the background unless the user tampers with the files.


How did you do this, through Windows Backup and Restore (native) in the Windows 10 Control Panel? My backups are generally 150+ GB - just over the remaining space of the 1 external HDD I own.


Another note- is that the actual image they use on the victim's screen- sad.
 
  • Like
Reactions: DJ Panda

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top