Cybercriminals are relentless in producing new ransomware strains because these offer a faster and more efficient way to make money.
A recent study, which investigated a specific Bitcoin account for about 3 weeks earlier this year, showed that the person or team handling the account made approximately US $49,700. A huge chunk of this amount came from at least 60 different payments of about US $500 each.
The research team also suggested that these payments are mostly from CryptXXX cases, as the consistent amounts form a pattern indicative of the variant.
While it is not confirmed to be CryptXXX, the researchers found that the account was not active until shortly before the three-week period in which they studied it, leading them to think the account was used for a particular ransomware campaign.
The investigation team also theorised that multiple accounts could have been used in the CryptXXX campaign, meaning the ransomware team could have made more than the amount the researchers were able to probe.
The experts studying the ransomware strain said that it was next to impossible to decrypt the infected files.
CryptXXX was discovered a couple of months before the study was done, strengthening the assumption that the cybercriminal team could have a whole lineup of Bitcoin accounts.
CryptXXX is also said to be capable of stealing private data from infected computers, including the victim’s Bitcoin account information. The ransomware variant is also known to have received upgrades that improve on the flaws of previous versions.
The experts who handled the case also said the present ransomware they studied makes it next to impossible to decrypt the infected files.
The sample they handled also included functions added to confuse anyone trying to analyse CryptXXX: the ransomware was observed performing bogus tasks during its operation.
While the ransom note is uploaded onto a machine at the start of the process, file encryption and other steps occur later on.
CryptXXX does have a characteristic not normally found in other ransomware: it tries to help the victim.
The malware shows several messages on the affected machine, instructing the victim on what to do and informing them what happened to their data. On top of that, CryptXXX also allows the victim to decrypt one file, free of charge.