The CryptXXX ransomware has been updated with better encryption technology and new methods of evading detection, making it more difficult to detect than ever. The latest version was spotted by researchers at SentinelOne. According to the researchers, the new CryptXXX is spreading through spam and has already affected many users. The ransomware has earned approximately $50,000 in bitcoin payouts in the last 17 days. CryptXXX rivals the well-known Locky ransomware in infection rates and distribution.
Unlike its predecessors, the latest version of CryptXXX cannot be decrypted with free decryption tools, which makes it impossible to decrypt files without paying the ransom. According to a Kaspersky Lab support page, the RannohDecryptor utility worked on numerous updated versions of the CryptXXX ransomware. However, with the 3.100 release of CryptXXX in late May, RannohDecryptor was no longer able to decrypt files from that version; it is still effective against early versions of the ransomware.
According to researchers from SentinelOne, upon infection files are encrypted using a combination of RSA and RC4 and given the file extension .cryp1, as opposed to earlier versions of CryptXXX, which used .crypz and .crypt. Ransom payment analysis shows that the Bitcoin address behind the ransomware received 70 bitcoins between June 4 and June 21, with an average payout of 1.3 bitcoin ($766) from approximately 60 individuals or organizations. Better watch out.
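For incident triage, the extensions named above can be used to scope which directories were hit and which variant was involved. The following Python sketch is an added example, not code from SentinelOne, Kaspersky Lab or CERT-MU; the function names, the "latest"/"earlier" labels and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Extensions named in the advisory; the generation labels are this example's own.
CRYPTXXX_EXTENSIONS = {".cryp1": "latest", ".crypz": "earlier", ".crypt": "earlier"}


def scan_tree(root):
    """Summarise files under root whose extension matches a CryptXXX variant."""
    by_ext, by_dir, earliest = Counter(), Counter(), None
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()  # case-insensitive match
            if ext not in CRYPTXXX_EXTENSIONS:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            by_ext[ext] += 1
            by_dir[dirpath] += 1
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "total": sum(by_ext.values()),
        "by_extension": dict(by_ext),
        "by_directory": dict(by_dir),
        "generations": sorted({CRYPTXXX_EXTENSIONS[e] for e in by_ext}),
        # Earliest modification time among matches: a rough indicator of when
        # encryption began, assuming timestamps were not preserved or altered.
        "earliest_mtime": earliest,
    }


def build_sample_tree(root):
    """Create a constructed sample tree (empty files, invented names)."""
    layout = {"docs": ["budget.xlsx.cryp1", "notes.txt"],
              "pics": ["a.jpg.CRYP1", "b.jpg.crypz"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan_tree(tmp)
        when = datetime.fromtimestamp(report["earliest_mtime"], timezone.utc)
        print(report["total"], report["by_extension"], report["generations"], when)
```

An extension match is only an indicator: other software may use the same suffixes, so confirm hits against the ransom note and file contents before drawing conclusions.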
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street