CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler
Botnet CryptXXX, Reveton, Bedep
Malware
Botnet/malware group
Exploit kits Angler
Services
Feature
String(s): CryptProjectXXX
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2016 / 2016-04-18
Editor/Conference Proofpoint
Link https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler (Archive copy)
Author Kafeine
Type Blogpost

Abstract

Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) lead us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. Dubbed "CryptXXX", this new ransomware is currently asking a relatively high $500 per computer to unlock encrypted files. Angler is the number one exploit kit by volume, making the potential impact of new ransomware in the hands of experienced actors with access to this vector quite significant.

Bibtex

 @misc{Kafeine2016BFR4928,
   editor = {Proofpoint},
   author = {Kafeine},
   title = {CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler},
   date = {18},
   month = Apr,
   year = {2016},
   howpublished = {\url{https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler}},
 }