Cyberspace is brimming with cryptovirological exploits because ransomware operators never pause. There are numerous such groups constantly working on new encryption scripts designed to get around network security and to render the expertise of ransomware removal experts useless.
Cybersecurity researchers therefore actively search for newly active strains so that a solution can be developed for them. In one recent such hunt, a group of malware hunters stumbled upon a new cryptovirological strain that primarily focuses on infiltrating cloud storage and Network Attached Storage (NAS) devices. Researchers are still trying to determine whether it is an entirely new script or belongs to an existing cryptovirological family.
Cr1ptT0r Operators Take a Different Extortion Approach
In the majority of ransomware attacks, the perpetrators simply provide their cryptocurrency wallet details in the ransom note. The Cr1ptT0r operators, however, have devised a multifaceted plan for collecting extortion payments. Besides listing Bitcoin addresses in the note, they also offer victims the option of buying the decryption key through OpenBazaar, an open-source, decentralized e-commerce portal.
To prove that they hold the complete, working decryption solution for the infection, they offer to decrypt one file for free. Moreover, affected users are not obliged to buy the entire decryption: they can also contact the attackers to have individual files decrypted. The ransom for an individual file depends on the file's type and size. Instead of giving email addresses, the Cr1ptT0r operators provide an instant-messaging app ID for further correspondence.
Ransomware removal experts are of the opinion that Cr1ptT0r uses a combination of AES and RSA encryption to lock down the files on the targeted devices. Decryption experts consider this hybrid encryption one of the hardest to get past, since each infection can only be unlocked with its own unique decrypter.
The Cr1ptT0r operators close the note in language reminiscent of corporate representatives addressing their clients. They assure victims of fast and responsive 'customer support' and guarantee complete decryption after full payment.
Experts have found that the Cr1ptT0r operators use two payload delivery methods: they either break into a digital environment through poorly secured Remote Desktop Protocol (RDP) services, or they use carefully crafted phishing emails.
Don't try to streamline your organization's operations over RDP unless its security is properly taken care of. Saving a few dollars on RDP security can end up costing you business losses worth thousands.
Moreover, train your staff regarding social engineering tactics used by cryptovirological operators in devising phishing emails. Keep in mind that the majority of cyber attacks succeed due to human error.