The CryptXXX ransomware has once again gained the upper hand with a new strain recently discovered by the FortiGuard research lab. Ransomware of the CryptXXX family was first seen at the beginning of May this year, and a number of variations have been observed since then. These strains can steal your data and bitcoin, which, coupled with the typical file-encryption trait, makes them even more dangerous.
The developers of the CryptXXX ransomware have been in a tug of war with security researchers for quite some time. Researchers from Kaspersky Lab provided a free tool to decrypt the files encrypted by this ransomware, but the developers quickly released an evolved version of the malware to stay ahead of them. Since then, security researchers have been hard-pressed to catch up, as the developers keep tweaking their code to stay a step ahead.
Numerous strains of the CryptXXX malware have been seen on the web, each slightly evolved from the last. All the previous strains of this malware appeared as dynamic-link library (.dll) files, while the latest one comes as a more compact executable (.exe) file. While some of the first versions of this ransomware changed the extensions of encrypted files to some variation of .crypt, its recent versions don't. So it isn't possible to identify encrypted files before opening them. The ransomware has also transitioned from the Angler exploit kit to the Neutrino exploit kit.
The CryptXXX ransomware is one of the largest ransomware campaigns seen so far. With multiple variations that have helped it stay a step ahead of security researchers, and with its numerous infections, its reported earnings of $50,000 in its first three weeks have surely increased substantially since. The ransomware is also reported to have infected more than 2,000 websites for its distribution. The infrastructure of the CryptXXX ransomware, along with the persistence of its developers, makes it one of the most dangerous pieces of malware out there.
Once your machine is infected with CryptXXX, the files on the machine are encrypted and a ransom note is delivered to you demanding a payment of around $500 in bitcoins. If you have been infected with one of the older versions of the ransomware, then it might be possible to decrypt your files with the automated decryption tools developed by security researchers. With the recent versions, you had better have a backup of your data, because it may not be possible to decrypt it without paying the ransom. You can try a data recovery tool, though it cannot guarantee full system recovery. If you do have a backup, make sure the ransomware has been completely removed before restoring your data.
So, before your machine gets infected with CryptXXX or any other malware, develop a habit of keeping backups of your data. For additional security you should also install an antivirus program, although it doesn't guarantee foolproof malware protection.