Who said crime doesn't pay never heard of ransomware

Jun 28, 2016 00:30 GMT  ·  By

The criminal group behind the CryptXXX ransomware received ransom payments worth $45,000. This sum covers payments made to just one of the group's many Bitcoin wallets and reflects data gathered only from June 4 to June 21, 2016.

This data reflects the group's operations associated with a new version of the CryptXXX ransomware, discovered by researchers from SentinelOne.

CryptXXX is undecryptable once again

The world met the CryptXXX ransomware for the first time in mid-April this year, but within a week Kaspersky had created a decrypter for its first version that allowed users to recover their files for free.

The crooks responded by updating the ransomware, and Kaspersky's researchers answered in turn, repeatedly updating their free decrypter.

This recent version of CryptXXX is the latest round in that back-and-forth: it breaks the most recent decrypter and makes CryptXXX undecryptable once more.

Angler and Nuclear shutdown hampered CryptXXX distribution

Crooks continue to spread the ransomware via spam email and other channels, but unlike in April and May, when the Angler and Nuclear exploit kits were still active, distribution via exploit kits has dropped.

CryptXXX's most recent version differentiates itself from older iterations by using the cryp1 extension for all encrypted files. Previously, CryptXXX used the crypt and crypz extensions.

The ransomware also employs a combination of RSA and RC4 encryption to lock the user's files, and the encryption process has been hardened specifically to defeat the aforementioned free decrypters.
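The changing file extensions described above (crypt, crypz, and now cryp1) are the one indicator this article gives a defender to work with. The script below is an added example, not code from the article or from SentinelOne: it runs a simple detection over file-server rename events, flagging any host/user pair that appends a known CryptXXX extension to several files within a short window, which is the burst pattern a mass-encryption run produces. The log format and the sample lines are constructed for the example; the extension set comes from the article, and the threshold and window are arbitrary tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions named in the article: older CryptXXX builds used .crypt and .crypz,
# the June 2016 build appends .cryp1. Treat this set as a moving target.
CRYPTXXX_EXTENSIONS = {".crypt", ".crypz", ".cryp1"}

# Constructed sample audit lines in a hypothetical format (not a real product's log):
# "<ISO timestamp> host=<name> user=<name> op=rename src=<path> dst=<path>"
SAMPLE_LOG = """\
2016-06-20T09:12:01 host=fs01 user=alice op=rename src=/share/q2/report.docx dst=/share/q2/report.docx.cryp1
2016-06-20T09:12:01 host=fs01 user=alice op=rename src=/share/q2/budget.xlsx dst=/share/q2/budget.xlsx.cryp1
2016-06-20T09:12:02 host=fs01 user=alice op=rename src=/share/q2/notes.txt dst=/share/q2/notes.txt.cryp1
2016-06-20T09:12:02 host=fs01 user=alice op=rename src=/share/q2/deck.pptx dst=/share/q2/deck.pptx.cryp1
2016-06-20T09:12:03 host=fs01 user=alice op=rename src=/share/q2/plan.pdf dst=/share/q2/plan.pdf.cryp1
2016-06-20T10:45:10 host=fs02 user=bob op=rename src=/share/hr/draft.docx dst=/share/hr/final.docx
2016-06-20T11:00:00 host=fs02 user=carol op=rename src=/share/hr/old.txt dst=/share/hr/old.txt.crypt
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"op=rename src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


def parse_line(line):
    """Parse one rename event; return None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def appended_extension(src, dst):
    """Return the suffix a rename appended to the original name (e.g. '.cryp1'),
    or None when the destination is not simply src plus a suffix."""
    if dst.startswith(src) and len(dst) > len(src):
        return dst[len(src):].lower()
    return None


def find_encryption_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Group renames that append a CryptXXX extension by (host, user) and alert on
    any pair with at least `threshold` such events inside one sliding `window`.
    Returns {(host, user): {"count", "extensions", "first", "last"}} for alerts,
    where count is the largest number of events seen in a single window."""
    events = defaultdict(list)
    for raw in log_text.splitlines():
        ev = parse_line(raw.strip())
        if ev is None:
            continue
        ext = appended_extension(ev["src"], ev["dst"])
        if ext in CRYPTXXX_EXTENSIONS:
            events[(ev["host"], ev["user"])].append((ev["ts"], ext))

    alerts = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(key, {}).get("count", 0):
                alerts[key] = {
                    "count": count,
                    "extensions": sorted({e for _, e in evs[start:end + 1]}),
                    "first": evs[start][0],
                    "last": evs[end][0],
                }
    return alerts


if __name__ == "__main__":
    for (host, user), info in find_encryption_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}/{user}: {info['count']} files renamed to "
              f"{info['extensions']} between {info['first']} and {info['last']}")
```

With the constructed log, fs01/alice trips the alert (five files renamed to .cryp1 within three seconds) while carol's single .crypt rename stays below the threshold. Since the article itself shows the extension changing between versions, the rename-burst heuristic is the durable part of this check; the extension list only narrows attribution and should be updated as new variants appear.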

CryptXXX is a small scale operation compared to other criminal groups

All of these are secondary details, however, next to the fact that the crooks behind this ransomware can make up to $2,600 per day, $80,000 per month, and over $950,000 per year.

For comparison, Check Point estimated that the crooks behind the Nuclear exploit kit made around $100,000 per month before being shut down.

These are pennies compared to the massive cyber-crime operation Cisco disrupted last year, which would have earned its operators over $34 million per year by distributing ransomware via the Angler exploit kit.

"It's likely we'll continue to see this family and other ransomware families continue to grow and evolve," SentinelOne explains. "Some factors which may contribute to this are the increasing reliance on computers to store and process valuable information and the increasing popularity of Bitcoin which is semi-anonymous, works globally, and is difficult to regulate because it's completely decentralized."

CryptXXX ransom note
