One of the nastiest types of ransomware has just come back to life

And there's a new version of the CryptXXX malware to worry about too.
Written by Danny Palmer, Senior Writer

CryptXXX offers victims a chance to decrypt one file for free to show how they'll get everything back if they pay $500.

Image: SentinelOne

Just when you thought it was safe to go back onto internet... instances of Locky malware, one of the most prolific forms of malicious software, have bounced back following what had been a huge decline in activity.

Then if that wasn't bad enough, a new, more highly evolved and more effective version of the CryptXXX family of ransomware has been discovered -- and cybersecurity researchers say it's only going to become and more dangerous.

Recently cybersecurity researchers at Symantec said they had noticed a massive decline in instances of Locky -- along with Dridex and Angler malware -- detected during June.

But now, the nefarious distributors of Locky -- named as such because it locks down your files and demands payment to free them -- have regrouped and are back to their old tricks.

Cybersecurity researchers at Cloudmark say cybercriminals resumed their activity on June 21, spiking to much higher levels than previously observed before the malware took a break.

The revival of Locky, say Cloudmark researchers, was expected because "it is very difficult to take out a malware distribution network of this size". The main distribution method for Locky remains infected files within emails which targeted victims via social engineering.

And that's not the only bad news: researchers at security firm SentinelOne have been tracking a new variant of the CryptXXX ransomware. CryptXXX is a particularly nasty form of ransomware which not only encrypts files on the infected PC, but also also attacks any files on connected storage devices, steals cryptocurrency wallet funds stored on your system, and may also send sensitive data to cyberattackers, putting victims at further risk of hacking.

Previously, victims were able to exploit a loophole which enabled them to deploy free decryption tools in order to unlock devices infected by CryptXXX, but now the malware has essentially been patched to ensure that isn't the case -- and that files can only be decrypted after paying a $500 ransom in Bitcoin.

It's thought that this variant of CryptXXX alone has already successfully filled cybercriminal pockets with tens of thousands of dollars and, much like Locky, the success of the malware means CryptXXX is going to quickly spread as hackers realise it's an easy way to make a quick buck.

With CryptXXX the cybercriminals even provide victims with step by step information detailing how to acquire and send Bitcoin -- as well as the option of a limited test decryption service to demonstrate that the server really does decrypt files. The reason behind this? The malware authors know that people are more willing to pay to unlock their files if they know they'll get them back.

The technique has been successful: in the space of just two weeks, cybercriminals pushing this form of CryptXXX thought to have made around $50,000 in ransom payments alone.

Overall, instances of malware have massively risen during 2016, with high profile incidents even attracting the attention of the media outside of the technology industry.

Read more on cybercrime

Editorial standards