Tuesday, May 28, 2024

CryptoMix Ransomware – Tricks Users to Pay Ransom for Helping Children

CryptoMix ransomware (old ransomware spotted early in 2016) returns with a new trick, ripping data and images from crowdfunding sites and claiming ransomware payments go to the needy.

This old family of ransomware has returned with a new campaign which uses information about children stolen from crowdfunding websites and claims that payments made in exchange for unlocking encrypted files will be donated to good causes.

This CryptoMix is a combination of CryptXXX and CryptoWall ransomware. However, researchers have uncovered a new CryptoMix campaign that looks to make up for its lack of notoriety with this unpleasant new trick. Still, IOC’s, TTP and Encrypting mechanism are unavailable and the attribution of the attack is unclear.

How this Rransomware works?

This ransomware attack begins, like many others, with brute force attacks targeting weak passwords on RDP ports. Once inside the network, the attackers harvest the admin credentials required to move across the network before encrypting endpoints and wiping back-ups.

Victims are then presented with a ransom note that tells them to send an email to the ransomware distributors, who also warn victims not to use any security software against CryptoMix, with the attackers claiming that this could permanently damage the system.

Tricky Ransom Note to lure victims

Obviously, this isn’t the worrying part, but in an effort to lure victims into believing the scam, the CryptoMix distributors appear to have taken information about real children from crowdfunding and local news websites.

The researchers have notified the families of the children affected. The hackers claim that children will receive presents and medical help as a result of the payment but also threaten that the ‘donation’ will be doubled if the payment isn’t received within 24 hours.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

Website

Latest articles

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...

Hackers Exploit WordPress Plugin to Steal Credit Card Data

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting...

Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript

Google has released a patch for a zero-day exploit in its Chrome browser.The...

Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack

State-sponsored hackers recently exploited vulnerabilities in MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE).They...

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles