New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) 124
An anonymous reader writes: Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.
jumpin' jesus it's hot (Score:1)
Someone please turn OFF the deathray.
Thanks,
Gus
What happens to ransomware if Bitcoin collapses? (Score:2, Interesting)
Almost all these ransom schemes involve Bitcoin as a form of payment. What would happen to ransomware if Bitcoin collapsed and became worthless?
Maybe it's like asking what the night sky would look like if the stars went away (ie, unlikely), but maybe its use in ransom schemes would be one more reason for the Feds to "ban" it or make it so prohibitive to exchange currency for Bitcoin that asking for ransom in bitcoin would be like asking for it in moon rocks.
Re: (Score:2)
Problem is... which currency? There are a lot of crypto-currencies out there, even people who have services where one can make your own cryptocurrency with various parameters. BitCoin was the first and has the most support from the mainstream. I can't really go up to a website and pay them in Dogecoin as I can with BTC.
A BitCoin 2.0 is possible, but the hard part is getting critical mass. We already got through initial growing pains with BTC, and people are wary about another currency and possible Mt. Go
Re: (Score:1)
Well I think bitcoin should be singular. As in "...received 70 bitcoin."
Whenever I see "bitcoins", I think of the amount being a wallet of several individual bitcoin, like a dollar bill, an individual thing, which it is not.
Re: (Score:2)
Perhaps, but BitCoin has driven such activity to a whole new level of ease for the bad guys. Now you can collect payment from your mark and collect without having to exchange a briefcase of paper, diamonds, bullion or some other physical material or go through the risk of accepting a credit card payment or wire transfer.
Re: (Score:2)
Yes but only because law enforcement and the courts have not figured things out yet. Compared to say cause and money laundered through other more conventional means, it should be much easier to trace BitCoin. I mean you can follow the money back thru all the wallets it's passed through. So it should be easy to 'find' coins that have been thru that wallet. Talk to all the people who accepted those coins and work backward. No sure the ransom-ware operators can do things to make that harder by say moving t
Re:What happens to ransomware if Bitcoin collapses (Score:4, Interesting)
I don't think the problem with law enforcement is lack of understanding or technical ability, but more of a lack of interest in "solving" such crimes because of the sheer amount of cost it would involve.
Think about it... Your local police don't care that you are getting forced to pay $50 to get your files back, well they don't care *enough* to bother doing anything more than possibly making an official report (if that). The local police don't have the resources or time to follow up and the criminal is unlikely to be within their jurisdiction anyway. The state police are too busy solving bigger crimes to bother with such a 2 bit $50 extortion crime even though it's slightly more likely the criminal was within their jurisdiction. The Federal police (FBI) REALLY doesn't care about your $50 ransom payment, they have so much bigger fish to fry that they won't likely bother to even take a report from you, unless it happens to be aligned with some investigation already in progress, even then what can they do if the criminals are overseas? Nothing.
So it's not lack of ability, it's lack of motivation. Literally, those who could do something are too busy to care and those who care can't do anything.
Re: (Score:2)
That may be true but when it's one guy scamming 5000 people out of $50 then that is a bit bigger fish. I don't think anyone is authoring crypto malware in hopes of only scamming a handful of people out of $50; not worth the trouble. They either hope to hit a large number of individuals or a sizable organization they can take for a large sum in one shot. Either way they go about it their own success should make them big enough to be interesting to law enforcement.
At that point I think a follow the money type
Re: (Score:2)
By that logic it's time to outlaw all currency, there isn't a single one I'd know of that isn't used to deal in drugs.
Re: (Score:3)
If someone can void the transfers and delist the illegal transactions, what keeps someone from voiding legit transactions under some pretense? For example, if a group is disliked in a country, what is to say the same mechanism that stops ransomware transactions would not be used to stop dissident organizations, or rival parties against the incumbent come an election?
The thing about BTC is that it gives plenty of rope to hang people with. The blockchain is immutable, and even though people don't know who o
Re:What happens to ransomware if Bitcoin collapses (Score:4, Insightful)
Hell, I'm wondering what would happen if people, like, you know, backed up their shit once in awhile to an external USB drive.
Sure, you'd still have the incidences of getting bit during the backup (while the drive was plugged in), but if you use your head about it, the odds become almost astronomical in your favor.
Re: (Score:2)
I think the backup thing is compounded by people who do backup but leave the backup disk connected all the time. It's reasonable protection for most system failures, but of course completely at risk for malware. The same goes for cloud sync systems and so forth.
You and I know that backups should be offline to be safe, but a lot of people don't, including people who should.
Re: (Score:2)
It is just an arms race escalation. Used to be that an external HDD was good enough. Now, probably the cheapest ransomware protection is a NAS that does ZFS/btrfs snapshots (if not backs itself up to an external HDD) so ransomware can only trash a share, which can be recovered.
Re: (Score:2)
This comment made me stop and think. I have now spent approximately 30 minutes trying to determine what was the best way to do backups to replace my backup to external USB, as ransomware now makes that not a good solution anymore. This is for home use, not work use as work can afford the expensive solutions.
The solutions I just ran through were:
Tape - probably would cost upwards of $10k or require more work from me every backup swapping tapes
Blu Ray - Even worse...tape is 800GB for a reasonably priced dri
Re: (Score:2)
Maybe it would be like post-WW1 Germany. You'd have to pay a billion bitcoins for a $100 ransom.
Re: (Score:2)
It would cost more in electricity to run the block chains on a billion BitCoins than the $100 ransom. Only the miners would win, if there were any miners out there at that point.
Behind bars (Score:1)
Please someone put these people behind bars already. Yes, security holes should be patched, but the criminals behind this need to be taught a lesson. And that lesson should not be that they can continue harassing people as they please.
Re: (Score:2)
Great, then people would pay them AND not even report it.
Re: (Score:3, Interesting)
Send spies into their home at 3am to break both their arms in a "bathtub accident", or pull an Israel and cut off their Jingle Bells. Or trick them via Judo call-ladies, who perform both actions.
Re: (Score:1)
Bridget now eats oatmeal through a straw. Unfortunately, Marla took her place.
Re: (Score:2)
Good idea.
Problem is just that the feds in Somewheristan have better things to do than care about your people having a problem. They simply don't give a shit about virtual crimes, they have real crimes to deal with and already limited resources.
In other words, your problems are not theirs.
Re: (Score:1)
Someone needs to hack Hillary's email server and authorize a few drone strikes...
Re: (Score:2)
I don't know if a drone strike against the RBN is a good idea, our relationship with Russia is already a bit tarnished...
These viruses are fun... (Score:2, Insightful)
CryptXXX only runs on Microsoft Windows .. (Score:1)
Re: (Score:2)
CryptXXX only runs on Microsoft Windows [bleepingcomputer.com] I presume ..
Well maybe if you ask nicely the authors will compile it for your platform of choice. I'm not sure how easily you'll find a steady supply of non-Microsoft shops to spearfish, though.
Re: (Score:2)
CryptXXX is a Windows ransomware infection
Though there's other ransomware out there for other systems
Re: CryptXXX only runs on Microsoft Windows .. (Score:5, Funny)
CryptXXX only runs on Microsoft Windows [bleepingcomputer.com] I presume ..
I recently switched to Linux Mint; could you perhaps recommend some good Linux-compatible ransomware that I can run on my machine?
Re: (Score:1)
I'd suggest systemd, but it won't go away even if you pay a ransom...
Re: (Score:2)
I recently switched to Linux Mint; could you perhaps recommend some good Linux-compatible ransomware that I can run on my machine?
My favorite ransomware, available on both Windows and macOS, is Adobe Creative Suite.
Re: (Score:1)
CryptXXX only runs on Microsoft Windows [bleepingcomputer.com] I presume ..
I recently switched to Linux Mint; could you perhaps recommend some good Linux-compatible ransomware that I can run on my machine?
The SCO Group [wikipedia.org]
Re: (Score:2)
This particular ransomware is Windows only, but it isn't like your OS of choice is immune, just not worth targeting. There have been ransomwares for MacOS and Linux, they just don't gain the traction of the Windows only ones because there are so few people who actively use these OSes.
Time for a revival (Score:2)
Using write once media for backups should come back into vogue.
Re: (Score:1)
Perl? ;-)
Re: (Score:2)
Perl? ;-)
Hey, don't bash all that old Unix stuff (pun indented).. It worked (actually still does..)
Backup? (Score:1)
Doesn't anybody back their crap up?
Re: (Score:2)
Nope, from what an acquaintance told me who works in that field, you tell a hospital that they need to buy Veeam and a backup device, they will show you the door because those do not offer any positive ROI. You point out HIPAA issues, they will just laugh and point out that HIPAA is almost rarely enforced. They are more interested in having sophisticated locks to keep patients out of the Prozium cabinets than to have any actual protection of records.
Re: (Score:2)
Then I think they're getting off easy being able to get the data back for $500. If the drive goes tits up it probably costs more than that and the data may be gone for good at any price.
Re: (Score:2)
80% of them don't.
The other 20% do make backups and only notice when they need them that the backups are worthless when they finally need them because they don't do recovery tests.
Re: (Score:2)
Give it time, our Russian friends are working hard at educating the masses about the advantages of backups.
Re: (Score:2)
Actually there is a vanishingly small slice of folks who make backups and actually test them occasionally.... I know, I'm one of them...
Re: (Score:2)
Doesn't anybody back their crap up?
I kept telling people to back up their data, but no one listened.
I found, however, they were somewhat more receptive when I told them to back that thang up [youtube.com].
Re: (Score:2)
Doesn't anybody back their crap up?
Sure. But unfortunately ransomware is becoming a common way companies are finding out that they are either not backing everything important up, or their backups are not configured correctly and they don't have the backups they thought they had.
Re: (Score:2)
If you ask someone if they back their stuff up, they would say that their computer doesn't have a reverse gear. In fact, I've encountered plenty of people who assume their documents will get trashed, and don't bother doing anything about it. If you can get people to install Mozy or something, that is almost a miracle, much less plugging in an external HDD.
Plus, for Windows, most client backup utilities outside of Veeam and Bup are utter garbage. I've seen way too many programs fail silently and not compl
Re: (Score:2)
Bank robberies have not been a good idea for a pretty long time now. Your loot is usually crappy, your chance to get caught is insanely high.
Hold up a 7/11 instead. More money, less danger.
Re: (Score:2)
Identity theft is much more lucrative and less risky I hear...
Personally, I prefer "Hard work" as a means of supporting myself and family, but hey, blame the way I was raised.
Re: (Score:2)
"Hard work"? Please. Ok, maybe having some idiots work hard for me, I could see that.
In general, I follow the law of nature: Least expense for the maximum revenue.
Re: (Score:2)
I didn't specify what kind of "hard work" well enough I guess. Can we say working hard in a smart way? I.E. Working hard and getting the most I can for my efforts in the most moral and ethical way I can. So, if you want to pay me the most when I work hard for you, let's talk...
Death (Score:2)
Death to these ransomware pricks.
Surprised it's not more (Score:2)
That works out to about $800,000 per year. It's a lot for one person, but there are likely many people working on this. They're not even sitting back and watching the money roll in; they've been constantly working to keep up with the white hats. If there are more than 10 people working on this, they could probably get normal jobs that would pay nearly as well. So it actually looks like we're doing a pretty good job of making this unprofitable. I suppose the determining factor is local salaries, so it will b
What is the right backup solution? (Score:1)
Re: (Score:2)
Back up the server? Even snapshots will foil most ransomware because they can't normally zap ZFS or btrfs snaps through a CIFS share interface.
Re: (Score:2)
Good reason to version backups. Mine go to a new directory (e.g. .../backup//dd/... And when 'dd' == 01, it goes to .../backup//yyyy-mm-dd/... and is complete. The rest are incremental. And a copy goes offsite via ssh so even if they got to my local backup server (*) the remote server would remain intact.
(*) My backup server is not that fast. I'd likely recognize the issue before it was fully encrypted.
Sadly, I'm running Linux so I probably won't get a chance to prove that my strategy works.
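A sketch of the versioned scheme described in the comment above, added here as an illustration and not the commenter's own script: day 01 writes a dated full backup, other days write only changed files into a day-of-month slot, and a run that finds most files changed is flagged. The hash manifest, the 50% threshold, reading "incremental" as "changed since the previous run", and all function names are assumptions; the offsite ssh copy is left out.

```python
import hashlib, shutil, tempfile
from datetime import date
from pathlib import Path

THRESHOLD = 0.5  # assumed alert level: share of files changed since the last run

def slot_for(root: Path, day: date) -> Path:
    # Day 01 gets a dated directory (the full backup, kept); any other day
    # uses a two-digit slot that is overwritten the following month.
    return root / (day.isoformat() if day.day == 1 else f"{day.day:02d}")

def run_backup(src: Path, root: Path, day: date, manifest: dict) -> dict:
    """Back up src for `day`; manifest (rel path -> sha256) is updated in place."""
    had_baseline, full = bool(manifest), day.day == 1
    dest = slot_for(root, day)
    shutil.rmtree(dest, ignore_errors=True)   # reuse of last month's slot
    dest.mkdir(parents=True)
    files = sorted(p for p in src.rglob("*") if p.is_file())
    changed = []
    for f in files:
        rel = f.relative_to(src).as_posix()
        h = hashlib.sha256(f.read_bytes()).hexdigest()
        if manifest.get(rel) != h:
            changed.append(rel)
        if full or rel in changed:
            (dest / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest / rel)
        manifest[rel] = h
    ratio = len(changed) / len(files) if files else 0.0
    # A mass rewrite of the source shows up as a spike in changed files.
    return {"dest": dest, "changed": changed,
            "suspicious": had_baseline and ratio > THRESHOLD}

def demo() -> dict:
    # Constructed sample data: three small files in a temporary directory.
    tmp = Path(tempfile.mkdtemp())
    src, root, manifest = tmp / "home", tmp / "backup", {}
    src.mkdir()
    for name in ("a.txt", "b.txt", "c.txt"):
        (src / name).write_text("original " + name)
    r1 = run_backup(src, root, date(2016, 6, 1), manifest)    # full
    (src / "a.txt").write_text("edited")
    r2 = run_backup(src, root, date(2016, 6, 2), manifest)    # one file changed
    for f in src.iterdir():                                   # every file rewritten
        f.write_bytes(hashlib.sha256(f.read_bytes()).digest())
    r3 = run_backup(src, root, date(2016, 6, 3), manifest)
    intact = (r1["dest"] / "b.txt").read_text() == "original b.txt"
    return {"r2": r2, "r3": r3, "full_intact": intact}
```

The third run in `demo()` is flagged while the dated full backup still holds the original files, which is the property the versioned layout is meant to provide.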
Re: (Score:2)
If you think this is an important story to discuss, the submission link is located here:
https://slashdot.org/submissio... [slashdot.org]
Otherwise, why post an offtopic link? You are just being buried under all the other posts on the current article, and getting down modded so that the majority of people don't even see the link you are posting.