
The .crypt file ransomware served by Bedep and Angler EK

Xiya | 22.05.2016 10:02

A good backup strategy is the only way to stay bulletproof as far as ransomware attacks go. It’s sad to admit but people still neglect this tactic years after the first file-encrypting infections emerged.

Threats like CryptXXX are compromising Windows workstations on a large scale and turning victims’ files into unusable items carrying the .crypt extension.

The above-mentioned ransom Trojan affects computers in two ways. First off, it encrypts the user’s personal data and insists that a ransom should be paid in exchange for decryption.

Secondly, it usually installs as part of a bundle whose other components have data-theft capabilities and also steal any Bitcoins they find. This package of malicious components is delivered by Angler, an exploit kit that has become notorious for its role in numerous high-profile campaigns.

The criminals are taking advantage of Angler’s functionality to exploit security loopholes in outdated software installed on targeted computers. But before it even gets to that point, the user visits a hacked or malicious website that has a third-party script secretly embedded in its code. The script is tasked with redirecting users to the EK, which then does its dirty job behind the scenes.

The Angler kit drops a malicious program dubbed Bedep onto the PC. This is a complex malware dropper that pushes cyber threats of different severity. In the context of this particular campaign, Bedep deposits the CryptXXX ransomware as well as a piece of click-fraud malware. This unwelcome tandem wreaks havoc with the machine.

The ransom Trojan encrypts files and appends the .crypt extension to every document, picture, video, database and many other types of data. According to the de_crypt_readme ransom instructions, the victim is expected to pay around $500; otherwise they run the risk of losing their important files irrevocably.
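The two on-disk signs named above, a trailing .crypt extension and a de_crypt_readme ransom note in the same folder, are enough for a quick triage of which directories an infection touched. The following Python script is an added example, not code from the original post; it runs over a constructed file listing, and the ransom note's own extension (.txt, .html) is an assumption of the example, since the post only gives the name stem.

```python
import os
from collections import defaultdict
from typing import Dict, Iterable, List

# Indicators taken from the post: encrypted files carry a trailing ".crypt"
# extension, and the ransom note is named "de_crypt_readme". Its exact
# extension (e.g. .txt or .html) is an assumption of this example.
ENCRYPTED_SUFFIX = ".crypt"
RANSOM_NOTE_STEM = "de_crypt_readme"


def is_encrypted_name(path: str) -> bool:
    """True for names like 'report.docx.crypt': original extension kept, .crypt appended."""
    name = os.path.basename(path).lower()
    return name.endswith(ENCRYPTED_SUFFIX) and name != ENCRYPTED_SUFFIX


def is_ransom_note(path: str) -> bool:
    """True when the file name stem matches the ransom note, whatever its extension."""
    stem = os.path.splitext(os.path.basename(path))[0].lower()
    return stem == RANSOM_NOTE_STEM


def triage(paths: Iterable[str]) -> Dict[str, dict]:
    """Per directory: how many encrypted files, ransom notes and untouched files."""
    stats: Dict[str, dict] = defaultdict(lambda: {"encrypted": 0, "notes": 0, "clean": 0})
    for p in paths:
        d = os.path.dirname(p)
        if is_ransom_note(p):
            stats[d]["notes"] += 1
        elif is_encrypted_name(p):
            stats[d]["encrypted"] += 1
        else:
            stats[d]["clean"] += 1
    return dict(stats)


def affected_directories(paths: Iterable[str]) -> List[str]:
    """Directories showing both signs: a ransom note and at least one .crypt file."""
    return sorted(d for d, s in triage(paths).items() if s["notes"] > 0 and s["encrypted"] > 0)


# Constructed sample listing (not taken from any real incident).
SAMPLE_PATHS = [
    "/home/alice/Documents/report.docx.crypt",
    "/home/alice/Documents/budget.xlsx.crypt",
    "/home/alice/Documents/de_crypt_readme.txt",
    "/home/alice/Pictures/holiday.jpg.crypt",
    "/home/alice/Pictures/de_crypt_readme.html",
    "/home/alice/Music/song.mp3",
    "/home/alice/Backup/report.docx",
]
```

On a live system, feed `triage` the output of `os.walk` instead of the sample list; directories that contain .crypt files but no note are still worth a look, since the note may not have been written yet.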

Going back to the point about backups: restoring from a backup resolves incidents of this kind. If there are no reserve copies, though, the first thing to do is check whether a decryptor is available for the specific variant of CryptXXX ransomware, which may well be the case. One way or another, prevention is far better than cure, so be sure to keep your software up to date and steer clear of suspicious websites.

Xiya
- e-mail: Xiya.4231@baidu.com
- Homepage: http://soft2secure.com.tw/knowledgebase/crypt-ransomware