CryptXXX 3.100 comes with a credential-stealing module and encrypts network shares
CryptXXX is one of the most recently released ransomware families and one that is being developed rapidly. Researchers have been tracking its updates since it first appeared in April this year. The first major improvement came in May: it defeated the decryption tool that had already been released to combat it and made access to the infected system harder by locking the infected PC’s screen.
A few days ago, a new set of “extras” for this notorious ransomware was released. CryptXXX version 3.100 now comes with more sophisticated updates, a credential-stealing module and the ability to encrypt even network shares. These new updates have rendered the current decryption tool obsolete, leaving the encryption unbreakable for now.
The bad thing about version 3.100 is that even if users find a way to decrypt their data through an updated decryptor, or they pay for the decryption key, CryptXXX is still able to cause major harm by encrypting files on network shares or by enabling direct targeted attacks. These malicious activities are a new addition to ransomware-type threats.
By scanning the network, CryptXXX 3.100 is able to detect shared resources and encrypt them one by one. Once a suitable file is found, the ransomware changes the file’s extension to the new .cryp1 extension. Before these updates, older versions encrypted files with a .crypt extension. A decryption tool for the old version was available, but the new algorithm is still a challenge for security experts. Currently there is no decryption support for the latest version of CryptXXX.
Not only that, but the updated version allows cybercriminals to steal users’ credentials and sensitive data, as well as launch targeted attacks. All this is possible through an add-on called StillerX. In order to make more money from the infection, the attackers deploy this credential-stealing module alongside CryptXXX 3.100. The module has been found under names such as “stiller.dll”, “stillerx.dll” and “stillerzzz.dll” and acts like a plugin that targets credentials from a wide range of applications.
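The two behaviours described above (bulk renaming of files on network shares to .cryp1, and the StillerX module loading under one of the names listed) are both observable on an endpoint. The following is an added detection example, not code from the article or from any vendor; it assumes a simplified, constructed event format of the form kind|host|path and treats the extensions and DLL names from the article as its indicators.

```python
import re
from collections import defaultdict

# Indicators taken from the article: the encrypted-file extensions used by
# CryptXXX (.crypt for older builds, .cryp1 for 3.100) and the file names
# under which the StillerX credential-stealing module has been seen.
ENCRYPTED_EXTENSIONS = (".crypt", ".cryp1")
STILLERX_NAMES = {"stiller.dll", "stillerx.dll", "stillerzzz.dll"}
# A UNC path of the form \\server\share\... identifies a network-share write.
UNC_SHARE = re.compile(r"^\\\\[^\\]+\\[^\\]+\\")

# Constructed sample events (hypothetical hosts and paths) in a simplified
# "kind|host|path" format; a real feed would be Sysmon/EDR file and image events.
SAMPLE_EVENTS = """\
filecreate|WS01|\\\\fileserver\\finance\\q2\\budget.xlsx.cryp1
filecreate|WS01|\\\\fileserver\\finance\\q2\\notes.docx.cryp1
filecreate|WS01|\\\\fileserver\\finance\\plan.pptx.cryp1
filecreate|WS02|C:\\Users\\bob\\report.docx
imageload|WS01|C:\\Users\\alice\\AppData\\Local\\Temp\\stillerx.dll
imageload|WS02|C:\\Windows\\System32\\kernel32.dll
"""

def parse_event(line):
    """Split one event line into (kind, host, path)."""
    kind, host, path = line.split("|", 2)
    return kind, host, path

def analyse(events, share_threshold=3):
    """Return sorted (host, reason) alerts for the two CryptXXX 3.100 behaviours.

    1. A host writing several files with a CryptXXX extension to UNC share
       paths (the share-encryption behaviour; threshold limits false positives).
    2. A host loading a DLL whose name matches the StillerX module.
    """
    share_hits = defaultdict(int)
    alerts = []
    for line in events.strip().splitlines():
        kind, host, path = parse_event(line)
        name = path.rsplit("\\", 1)[-1].lower()
        if kind == "filecreate" and name.endswith(ENCRYPTED_EXTENSIONS) and UNC_SHARE.match(path):
            share_hits[host] += 1
        elif kind == "imageload" and name in STILLERX_NAMES:
            alerts.append((host, f"StillerX module loaded: {name}"))
    for host, count in share_hits.items():
        if count >= share_threshold:
            alerts.append((host, f"{count} CryptXXX-extension files written to network shares"))
    return sorted(alerts)
```

In practice the share-write count should be evaluated per time window, since a burst of renames over minutes is what distinguishes encryption from normal file activity.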
Even though it comes as an “extra” with the CryptXXX 3.100 ransomware infection, StillerX could possibly be used as a standalone tool for collecting various types of data. It can collect basic information such as hostname, username, operating system details, running processes, the Windows product ID and key, browsing-related data, login credentials, etc. This data could then be used by the cybercriminals to carry out further fraud and attacks.
Equipped with these recent updates, CryptXXX 3.100 is currently the most dangerous and widely spread ransomware. These new “extras” will certainly make it a dominant player in the already overcrowded ransomware “market”. Without a decryption tool available yet, users and organizations have no choice but to turn their focus to the best prevention practices and malware detection tools available.