Menu
Toy maker Maisto’s website pushed growing CryptXXX ransomware threat

Toy maker Maisto’s website pushed growing CryptXXX ransomware threat

For now, there's a decryption tool that can help CryptXXX victims

Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free.

Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins.

If the attack successfully exploits a browser vulnerability, it then installs a malware dropper called Bedep, which in turn installs the CryptXXX ransomware.

CryptXXX was first discovered last week by researchers from Proofpoint. In addition to encrypting user files on local drives and network shares, the malware also acts like an information-stealing Trojan. It steals saved log-in credentials from browsers, instant messaging applications, FTP clients and email clients.

It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files.

Maisto.com is not the only recently compromised website that has been used to distribute CryptXXX. Researchers from Palo Alto Networks have observed a large attack campaign using the Angler-Bedep-CryptXXX combo since mid April.

The attackers behind that campaign had previously used the Nuclear exploit kit to deliver Locky, a different ransomware program.

"CryptXXX is now the default ransomware deployed in at least two major exploit kit campaigns and should be considered a growing cybersecurity threat," the Palo Alto researchers said in a blog post.

The good news is that the current version of CryptXXX seems to have a weakness in its encryption implementation. Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files.

While that tool works for now, it's likely that the malware's creators will eventually figure out their error and fix it. Therefore, users should focus on prevention rather than remediation.

They should keep all of their software programs, and especially browser plug-ins like Java, Flash Player and Silverlight, up to date. They should also regularly back up their files to an external location that's not always accessible from the computer. Locally mapped network shares are not a good idea, because ransomware programs target those too.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments