CryptoMix ransomware (old ransomware spotted early in 2016) returns with a new trick, ripping data and images from crowdfunding sites and claiming ransomware payments go to the needy.
This old family of ransomware has returned with a new campaign which uses information about children stolen from crowdfunding websites and claims that payments made in exchange for unlocking encrypted files will be donated to good causes.
This CryptoMix is a combination of CryptXXX and CryptoWall ransomware. However, researchers have uncovered a new CryptoMix campaign that looks to make up for its lack of notoriety with this unpleasant new trick. Still, IOC’s, TTP and Encrypting mechanism are unavailable and the attribution of the attack is unclear.
This ransomware attack begins, like many others, with brute force attacks targeting weak passwords on RDP ports. Once inside the network, the attackers harvest the admin credentials required to move across the network before encrypting endpoints and wiping back-ups.
Victims are then presented with a ransom note that tells them to send an email to the ransomware distributors, who also warn victims not to use any security software against CryptoMix, with the attackers claiming that this could permanently damage the system.
Tricky Ransom Note to lure victims
Obviously, this isn’t the worrying part, but in an effort to lure victims into believing the scam, the CryptoMix distributors appear to have taken information about real children from crowdfunding and local news websites.
The researchers have notified the families of the children affected. The hackers claim that children will receive presents and medical help as a result of the payment but also threaten that the ‘donation’ will be doubled if the payment isn’t received within 24 hours.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets
Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack
Some router models have identified a security vulnerability that allows attackers to bypass authentication. To exploit this vulnerability, an attacker…
Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage. This makes…
DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with…
Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine.…
In a historic move, Microsoft has made the source code for MS-DOS 4.0, one of the most influential operating systems…
A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which utilized SSLoad malware for its operations…