Proofpoint researchers have detected a new version of the CryptXXX ransomware that introduces several updates and improvements, all of which increase the risks associated with this threat. In fact, shared network resources are now far more vulnerable to encryption by a CryptXXX-infected PC with the introduction of network scanning via SMB.
CryptXXX is evolving fast – the developers behind it are already at Version 3.100, detected less than 6 weeks after Proofpoint researchers first identified the ransomware. The latest iteration not only bypasses the currently available decryption tool from but also 1) Uses SMB to scan for available network resources and begin encrypting them, 2) Installs the StillerX information stealing DLL (this isn’t new but is the first time it has been analyzed in detail), 3) Includes a new payment portal, and 4) Changes the extension of encrypted files from previous versions.
Comments from Kevin Epstein, Vice President, Threat Operations Center:
“CryptXXX is evolving rapidly, likely driven by the financial benefits attackers reap from distributing ransomware at scale. Cybercrime is a business, and the lower-cost, higher-return nature of ransomware offers significant incentives for threat actors’ continuing investment in that form of malware.”
“By including robust credential-stealing capabilities in the malware package, the actors behind CryptXXX are able to monetize their attack beyond basic ransom payments. It adds further injury to insult, like having your wallet and ID stolen by your kidnappers.”
Please visit Proofpoint’s Threat Insight blog for the full research: https://www.