An updated version of the CryptXXX ransomware – that again renders decryption tools ineffective and has the ability for network share encryption – has been spotted in the wild.
Proofpoint researchers said in a blog post that CryptXXX v3.1000 was found in the wild last week. The nasty network share capability allows an infected machine to scan the /24 subnet on a local area network, find shared storage resources and then encrypt those files.
It was also noted that the CryptXXX decryptor tool developed by Kaspersky Labs had been rendered ineffective by CryptXXX v2.0 in May. It now remains basically unusable as “decrypting individual files is time-consuming and scales poorly, especially as CryptXXX begins encrypting many more files across network shares,” the Proofpoint researchers wrote.
The attackers also rolled out a new payment portal.