Skip to main content
  1. Home
  2. Computing
  3. News

After update, Kaspersky tool no longer combats CryptXXX ransomware

Add as a preferred source on Google

Ransomware is a growing threat to anyone that uses a computer — even the U.S. House of Representatives has been a recent target. This kind of attack can result in a desperate situation for the victim, and there’s now word that a common strain of the malware has been upgraded to resist countermeasures.

Last month, Kaspersky released a tool intended to help users targeted by the CryptXXX ransomware regain access to their systems without paying a bounty to the culprits. Now, researchers at Proof Point have identified a new version of the malware that can sidestep the company’s RannohDecrypter utility.

Recommended Videos

RannohDecrypter was originally developed to help users targeted by the Rannoh Trojan, but was later expanded to tackle CryptXXX as well. In response to this, the authors of CryptXXX have made some adjustments to the way their weapon targets systems to extort their owners.

Version 2.006 of CryptXXX locks down the targeted system completely, which was initially interpreted by Proof Point as a “quick and dirty” means of preventing the use of RannohDecrypter. However, there’s another more sophisticated strategy at play that removes Kaspersky’s tool from the equation.

CryptXXX now causes an error message to read, “encrypted file size does not equal to original” when the user attempts to employ RannohDecrypter. It’s thought that the malware is using the zlib data compression library as a means of counteracting the utility.

This development illustrates the cat-and-mouse game of modern security research. Research teams and malware developers are continually trying to stay one step ahead of the competition, which often boils down to studying the last move made by their opponent.

The advice on how to stay safe remains the same; keep your security software up to date, and avoid clicking any suspicious links, or opening unsolicited email attachments.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
macOS clipboard app Maccy has a fake out there stealing passwords
PamStealer malware is disguising itself as Maccy to target Mac users
Depicting of the Maccy clipboard app for macOS on a laptop with letters inb the background.

A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

Read more
A new technology teaching drones to feel pain could stop your self-driving car from harming itself
Drones first, autonomous cars next. A pain-sensing system that detects failure before it happens has real stakes for self-driving vehicles.
Transportation, Vehicle, Car

When you sprain your ankle in the middle of a run, your body sends a pain signal to your brain, forcing you to stop. Essentially, the ability to sense pain stops you from pushing through the injury and causing further self-harm.

Researchers at Delft University of Technology and Wageningen University have applied this exact concept to drones, giving them a digital equivalent of a nervous system that recognizes a faulty part and triggers a pain-like warning signal. What's even more interesting is that the technology could find use in self-driving cars.

Read more
Claude Fable 5 is leaving subscriptions, but maybe not for good
High demand is pushing Claude Fable 5 out of subscriptions for now
Claude Fable 5 and Claude Mythos 5 Official Render

Anthropic’s most advanced publicly available Claude model is still leaving standard subscription access after July 7, but the company is now trying to calm fears that the move is permanent.

Fable 5 recently returned to Claude after drawing scrutiny from the U.S. government. Anthropic said it would be included on Pro, Max, Team, and select Enterprise plans for up to 50% of weekly usage limits through July 7. After that date, the model is set to move to usage-credit billing, meaning users will pay for access outside their regular plan limits.

Read more