CryptXXX ransomware gets even tougher to crack, pulls in $45,000 in three weeks

The authors of the CryptXXX ransomware have pulled in more than $45,000 in ransoms in just three weeks, based on the transactions coming into the Bitcoin address associated with the malware.

SentinelOne, a security company, found that the latest version of CryptXXX is more robust and tougher to decrypt than previous iterations. These changes have apparently paid off for the crooks, who reportedly received about 70 Bitcoins in their Bitcoin wallet since June 4. As of this writing, that’s worth just over $45,000.

The firm notes that the people behind the scheme quickly moved the funds from this address, which was active from June 4-21.

It’s likely that they are using a Bitcoin tumbler, which obscures the details of the next wallet, to cover their tracks. They’ve also probably started using a new wallet since then to avoid any possible detection.

“With this kind of success, it’s likely we’ll continue to see this family and other ransomware families continue to grow and evolve,” said SentinelOne’s Caleb Fenton in a blog post.

There’s been a sort of cat-and-mouse game between ransomware creators and security companies. Kaspersky Lab recently released a decryptor software tool for users to decrypt their files free of charge, rather than pay the ransom, if they got infected by CryptXXX. The ransom is typically a couple of hundred dollars a pop.

Once this free tool was released, it forced the cybercriminals to rework their code so the encryption couldn’t be so easily broken. Then the vicious cycle continued when Kaspersky updated its own software. Now this latest version of CryptXXX once again defeats the decryptor tool.

The new version also has a built-in feature that prevents victims from retrieving backups; for some reason, it still lets the victim decrypt a single file for free, provided the file is no larger than 512KB.

“This is a good idea from a psychological standpoint since the malware authors know that people are more likely to pay for something if they know that it will work,” said Fenton.

There have been previous cases of shoddily coded ransomware variants whose own authors were unable to decrypt the files, even after their victims had coughed up the Bitcoins.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…