Just when you thought it was safe to go back onto the internet... instances of Locky malware, one of the most prolific forms of malicious software, have bounced back following what had been a huge decline in activity.
Then if that wasn't bad enough, a new, more highly evolved and more effective version of the CryptXXX family of ransomware has been discovered -- and cybersecurity researchers say it's only going to become more dangerous.
Cybersecurity researchers at Cloudmark say cybercriminals resumed their activity on June 21, spiking to much higher levels than those observed before the malware took a break.
The revival of Locky, say Cloudmark researchers, was expected because "it is very difficult to take out a malware distribution network of this size". The main distribution method for Locky remains infected files within emails which target victims via social engineering.
And that's not the only bad news: researchers at security firm SentinelOne have been tracking a new variant of the CryptXXX ransomware. CryptXXX is a particularly nasty form of ransomware which not only encrypts files on the infected PC, but also attacks any files on connected storage devices, steals cryptocurrency wallet funds stored on your system, and may also send sensitive data to cyberattackers, putting victims at further risk of hacking.
Previously, victims were able to exploit a loophole which enabled them to deploy free decryption tools in order to unlock devices infected by CryptXXX, but now the malware has essentially been patched to ensure that isn't the case -- and that files can only be decrypted after paying a $500 ransom in Bitcoin.
It's thought that this variant of CryptXXX alone has already successfully filled cybercriminal pockets with tens of thousands of dollars and, much like Locky, the success of the malware means CryptXXX is going to quickly spread as hackers realise it's an easy way to make a quick buck.
With CryptXXX the cybercriminals even provide victims with step-by-step information detailing how to acquire and send Bitcoin -- as well as the option of a limited test decryption service to demonstrate that the server really does decrypt files. The reason behind this? The malware authors know that people are more willing to pay to unlock their files if they know they'll get them back.
The technique has been successful: in the space of just two weeks, cybercriminals pushing this form of CryptXXX are thought to have made around $50,000 in ransom payments alone.