Threat Management

CryptXXX ransomware again updated, can now encrypt network shared files

An updated version of the CryptXXX ransomware – that again renders decryption tools ineffective and has the ability for network share encryption – has been spotted in the wild.

Proofpoint researchers said in a blog post that CryptXXX v3.1000 was found in the wild last week. The nasty network share capability allows an infected machine to scan the /24 subnet on a local area network, find shared storage resources and then encrypt those files.

It was also noted that the CryptXXX decryptor tool developed by Kaspersky Labs had been rendered ineffective by CryptXXX v 2.0 in May. It now remains basically unusable as “decrypting individual files is time-consuming and scales poorly, especially as CryptXXX begins encrypting many more files across network shares,” the Proofpoint researchers wrote.

The attackers also rolled out a new payment portal.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds