Check Point Blog

Check Point Threat Alert: CryptXXX Ransomware

CryptXXX ransomware has been observed in the wild as of March 2016, delivered via the Angler Exploit Kit and spread through the Bedep trojan. The ransomware demands a $500 ransom to recover the encrypted files on a machine, and offers the victim the option of decrypting one file for free. If the victim does not pay the ransom after a few days, the demand is doubled. The new ransomware appears to be operated by the same threat actors behind the Reveton ransomware, and due to similarities in the infection vector and in the code, a connection is suspected between these actors and the operators of the Angler exploit kit. On April 26, Kaspersky released a decryptor for the ransomware for machines running the Windows operating system. The executable can be downloaded from the company’s Support Center.

DESCRIPTION

CHECK POINT PROTECTIONS
Check Point protects its customers from CryptXXX ransomware, Reveton ransomware and the Bedep trojan with our Anti-Bot and Anti-Virus blades:

Check Point protects its customers from attacks delivered via the Angler Exploit Kit at each stage of the redirection chain prior to the infection with our IPS blade:

Check Point recommends activating the above IPS protections in Prevent mode.
TECHNICAL REFERENCES
