What is the CryptXXX Ransomware?

CryptXXX is a Windows ransomware infection that was discovered by Kafeine (Proofpoint) in the middle of April 2016. This ransomware infection will affect all versions of Windows, including Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 10. When a victim is infected they will have their files encrypted and then a ransom of about 2.4 bitcoins, or approximately $1,000 USD, will be demanded in order to receive the decryption key.

When CryptXXX infects your computer it will scan all the drive letters for targeted file types, encrypt them, and then append the .crypt extension to them. Once these files are encrypted, they can no longer be opened by your normal programs. When CryptXXX has finished encrypting the victim’s files, it will change the desktop wallpaper to an image that acts like a ransom note. It will also display an HTML ransom note in your default browser. These ransom notes include instructions on how to connect to the CryptXXX Decrypt Service where you can learn more about what happened to your files and how you can make a CryptXXX ransom payment.
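Because every encrypted file carries the .crypt extension, the extent of the damage can be measured before any backup or restore is planned. The following Python script is an added example, not part of the original article: it walks a directory tree (assumed here to be a mounted copy or image of the affected drive rather than the live infected system) and summarizes the .crypt files per folder. The function names are illustrative, and the last-modified time is assumed to reflect when each file was rewritten, which malware can alter.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone

CRYPT_EXT = ".crypt"  # extension the page says CryptXXX appends


def find_crypt_files(root):
    """Return one record per file under root whose name ends in .crypt."""
    records = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(CRYPT_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry: skip it and keep walking
            records.append({
                "path": path,
                "original_name": name[:-len(CRYPT_EXT)],  # name before encryption
                "size": st.st_size,
                "mtime": st.st_mtime,  # assumption: approximates encryption time
            })
    return records


def summarize(records):
    """Group by folder: file count, bytes to back up, first and last change."""
    dirs = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None})
    for r in records:
        d = dirs[os.path.dirname(r["path"])]
        d["count"] += 1
        d["bytes"] += r["size"]
        d["first"] = r["mtime"] if d["first"] is None else min(d["first"], r["mtime"])
        d["last"] = r["mtime"] if d["last"] is None else max(d["last"], r["mtime"])
    return dict(dirs)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_crypt_files(root)
    # Oldest folders first: a rough picture of where encryption started.
    for folder, s in sorted(summarize(found).items(), key=lambda kv: kv[1]["first"]):
        first = datetime.fromtimestamp(s["first"], timezone.utc).isoformat()
        print(f"{first}  {s['count']:>6} files  {s['bytes']:>12} bytes  {folder}")
    print(f"total: {len(found)} .crypt files")
```

The per-folder byte totals show how much space a backup of the encrypted files needs, and the recovered original names can be checked against an existing backup to see which files it covers.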

What should you do when you discover your computer is infected with CryptXXX?

If you discover that your computer is infected with CryptXXX you should immediately shut down your computer. Next, give All Star IT a call on 1300338208 and we will book a technician to come onsite and review your computer and servers. If no decryptor is available, we will make a backup of the encrypted files in case one becomes available later on.

If you have a backup, we will then complete our Ransomware removal service to check for any malicious files on the network and, once it is clean, restore your files. If there is no backup, we will complete the removal and remove any of the .crypt extensions on your network.

We generally never recommend you pay the ransom, but if you do plan on doing so, make sure to keep a copy of the ransom notes with your unique ID as you will need it to make a payment.

How do you become infected with CryptXXX?

A user is typically infected by CryptXXX through Exploit Kits and Trojan Downloaders such as Bedep. These exploit kits can be located on hacked sites or delivered through malvertising. When a browser opens one of these exploit kits, the kit will scan your computer for vulnerable programs and attempt to exploit them to install and start the ransomware without your knowledge.

This is why we recommend you keep your PCs and servers up to date to ensure all vulnerabilities are patched. All Star IT recommends our Tech Guard Managed IT Plans, which take care of all your Windows updates.

