2 ways CryptXXX is sneaking onto computers

Ransomware has many ways of being delivered to systems. CryptXXX, a particularly vile strain with a $500 unlock fee, has two methods that put many users at risk – and you’ll want to look out for both.

The first method may be the scariest for IT. Hackers are using a botnet called SoakSoak or RealStatistics to scan websites for vulnerabilities. If vulnerabilities are discovered and there are no security programs to prevent intrusion, the hackers then deliver ransomware via the site’s code.

The result: Users visiting sites of affected businesses and organizations wind up infected with malware that’ll lock their files and demand $500 to access them again.

To keep your site from being affected, make sure your CMS is up to date and have some level of protection in place to sniff out or prevent malware infections.

Email, too

The second method for infecting users with this malware is spam. And while that may not sound new or exciting, there is a twist.

According to Proofpoint researchers, there have been instances of the malware being sent as spam attachments, usually geared toward IT with subject lines referring to an automatic breach detection notice.

And experts say it may just be the beginning. A relatively small initial spam blast could be a way of finding out whether a massive campaign is possible later.

All the usual methods of preventing spam still apply: training users to recognize the risk, scanning for malicious attachments and backing up files in case one or more of your systems winds up infected.

