
CryptXXX Ransomware is now scrambling the filenames of Encrypted Files


Petrovic


A new variant of the CryptXXX ransomware has been released that is not only modifying the extension of encrypted files, but is now renaming the entire file. First spotted by Michael Gillespie, a sample of a current CryptXXX was provided by Jakub Kroustek. When installed, my files' names were completely scrambled to a seemingly random filename and extension.

 


 

Though the files appear random, either the filename is encrypted in a certain way or the original filename is stored in the file in some manner so that they can be recovered if a person pays the ransom and decrypts their files. This practice of completely renaming an encrypted file is not new as we have seen it in CryptoWall and Locky.

 

This method, though, does make life more difficult for system administrators to manage systems infected by this ransomware. As CryptXXX is constantly modifying their encrypted file names, I would not be surprised if it changes to something else in the near future.

Article source

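A triage heuristic for the situation the first post describes, added here as an example and not part of the original thread or the article it cites: given a file listing from an affected machine, it reports which directories are mostly made up of files with an unknown extension and a long, random-looking name. The page does not give the exact name format the ransomware produces, so the extension allow-list, the length and entropy thresholds, and the sample paths are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Assumption: extensions normally present on this file share; tune per site.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".csv", ".jpg", ".png"}

def shannon_entropy(text):
    """Bits per character, from the string's own character frequencies."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def looks_scrambled(path, min_len=12, min_entropy=3.0):
    """Unknown extension plus a long, high-entropy, purely alphanumeric stem."""
    p = PureWindowsPath(path)
    if p.suffix.lower() in KNOWN_EXTENSIONS:
        return False
    stem = p.stem
    return len(stem) >= min_len and stem.isalnum() and shannon_entropy(stem) >= min_entropy

def affected_directories(paths, threshold=0.5):
    """Map each directory whose scrambled-file fraction >= threshold to that fraction."""
    totals, hits = defaultdict(int), defaultdict(int)
    for path in paths:
        parent = str(PureWindowsPath(path).parent)
        totals[parent] += 1
        hits[parent] += looks_scrambled(path)  # bool counts as 0 or 1
    return {d: hits[d] / totals[d] for d in totals if hits[d] / totals[d] >= threshold}

# Constructed listing for illustration; not taken from a real infection.
SAMPLE = [
    r"C:\Users\alice\Documents\9F3A7C21B04E5D68A1C2.5B1E0",
    r"C:\Users\alice\Documents\04D7E1B96A3F8C25E0B7.A91C3",
    r"C:\Users\alice\Documents\C81E5A07F3B2964D1A0C.77F2D",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\bob\Pictures\holiday.jpg",
    r"C:\Users\bob\Pictures\scan0001.png",
    r"C:\Users\bob\Pictures\thumbs.db",
]

if __name__ == "__main__":
    for directory, fraction in affected_directories(SAMPLE).items():
        print(f"{directory}: {fraction:.0%} of files look scrambled")
```

Scoring per directory rather than per file keeps a single oddly named legitimate file from raising an alert; the result is a list of directories to check against backups first.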



There is a lot of chatter about ransomware but the only case I have ever seen in real life was almost two years ago. It is only a threat for idiots and organizations who don't take security seriously. There are steps anyone can take to protect themselves. Don't click on any link in an email (we remove all links automatically), don't open any attachment (we remove all attachments automatically and provide an FTP server for uploads of any necessary documents), don't visit suspicious websites (we whitelist websites users can visit), don't click on links in Facebook or Twitter (closed groups are usually safe since no one unknown is allowed in), and then protect your system from running anything downloaded by blocking the appdata folder.



youarefinished
then protect your system from running anything downloaded by blocking the appdata folder.

I am interested in this; how do I achieve it? By blocking it using an app, or is there an easy way without using any specific app?



You could use the Group Policy Editor to create a Software Restriction Policy that prevents executables from running in "LocalAppData".

Get to know the GPE; it's a very powerful tool. You can control practically all aspects of PC behavior with it.

We use it (AGPM) to prevent users from harming themselves LOL... and our network.

 

 

 
