CryptXXX ransomware offers festive discounts

News by Max Metzger

CryptXXX ransomware has been offering sizable discounts to its victims because, after all, it is Christmas.

It appears that even cyber-criminals are feeling the festive spirit as CryptXXX is offering its victims/customers a seasonal consolation. Forcepoint Security Labs say that CryptXXX users are actually offering discounts to those they've infected.

CryptXXX normally sets a ransom at 1.2 bitcoin (£800), but offers a discount of over 50 percent for new victims, charging them the modest sum of only half a bitcoin (£330).

Anton Ivanov, security researcher at Kaspersky Lab, told SC Media UK that this revelation is not all that new: “It is a common technique used to increase the infection's conversion rate. Threat actors that are behind other ransomware families (especially families which are not popular) offer a ‘discount’ to victims if they think that they would not receive the original ransom.”

Cyber-criminality, and ransomware specifically, have undergone a marked professionalisation in recent years. The ransomware users of today want to make it as easy as possible for their victims to pay up and so have learnt lessons from the world of legal business in order to smooth that process.

On the victim side, hackers regularly include FAQs and helpful instructions on how to pay the ransom. Others are known to employ graphic artists, technical support and even something akin to customer service centres, according to some reports.

Infection is easy enough, but converting those successful infections into money adds a new level of complexity. Ransomers want a victim who, when faced with the option of either fighting or paying up, chooses the easier option.

Paul Ducklin, senior technologist at Sophos, has seen new tactics emerge: “We've seen ransomware crooks try the, ‘Hey, we're humans after all’ story before, apologising for infecting you, or talking to you politely, or telling you they're giving the money to charity.”

But, Ducklin told SC, “We don't think this ‘Christmas Discount’ is a sign of increasing professionalism, if you can use that term in respect of extortionists.”

“If anything, 2016 has been the year that lots of wannabe criminals wanted in on the ransomware game, even including what we dubbed ‘boneidleware’, where the crooks were so lazy they just pretended to have scrambled your files, but took your money and deleted them instead.”

On the user side, ransomware has kept in step with the rest of cyber-criminality with the proliferation of ransomware as a service.

The benefit of offering a seasonal discount may well be nullified by Kaspersky Lab's recent release of a decryptor tool. The lab has released a series of decryptor tools for variants of CryptXXX over 2016, and just recently released a decryptor for the latest version.
