Skip to main content

CryptXXX ransomware gets even tougher to crack, pulls in $45,000 in three weeks

A pair of hands on a laptop keyboard with two displays.
Image used with permission by copyright holder
The authors of the CryptXXX ransomware have pulled in more than $45,000 in ransoms in just three weeks, based on the transactions coming into the Bitcoin address associated with the malware.

SentinelOne, a security company, found that the latest version of CryptXXX is more robust and tougher to decrypt than previous iterations. These changes have apparently paid off for the crooks, who reportedly received about 70 Bitcoins in their Bitcoin wallet since June 4. As of this writing, that’s worth just over $45,000.

Recommended Videos

The firm notes that the people behind the scheme quickly moved the funds from this address, which was active from June 4-21.

Please enable Javascript to view this content

It’s likely that they are using a Bitcoin tumbler, which obscures the details of the next wallet, to cover their tracks. They’ve also probably started using a new wallet since then to avoid any possible detection.

“With this kind of success, it’s likely we’ll continue to see this family and other ransomware families continue to grow and evolve,” said SentinelOne’s Caleb Fenton in a blog post.

There’s been a sort of cat-and-mouse game between ransomware creators and security companies. Kaspersky Lab recently released a decryptor software tool for users to decrypt their files free of charge, rather than pay the ransom, if they got infected by CryptXXX. The ransom is typically a couple of hundred dollars a pop.

Once this free tool was released, it forced the cybercriminals to rework their code so the encryption couldn’t be so easily broken. Then the vicious cycle continued when Kaspersky updated its own software. Now this latest version of CryptXXX once again skirts the power of the decryptor tool.

The new version also has a feature built-in that prevents retrieving backups; it does, for some reason, allow the victim to decrypt one file for free with a 512KB cap.

“This is a good idea from a psychological standpoint since the malware authors know that people are more likely to pay for something if they know that it will work,” said Fenton.

There have been previous cases of shoddily-coded ransomware variants out there that not even the authors have been able to crack after their victims have coughed up the Bitcoins.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Turns out, it’s not that hard to do what OpenAI does for less
OpenAI's new typeface OpenAI Sans

Even as OpenAI continues clinging to its assertion that the only path to AGI lies through massive financial and energy expenditures, independent researchers are leveraging open-source technologies to match the performance of its most powerful models -- and do so at a fraction of the price.

Last Friday, a unified team from Stanford University and the University of Washington announced that they had trained a math and coding-focused large language model that performs as well as OpenAI's o1 and DeepSeek's R1 reasoning models. It cost just $50 in cloud compute credits to build. The team reportedly used an off-the-shelf base model, then distilled Google's Gemini 2.0 Flash Thinking Experimental model into it. The process of distilling AIs involves pulling the relevant information to complete a specific task from a larger AI model and transferring it to a smaller one.

Read more
New MediaTek Chromebook benchmark surfaces with impressive speed
Asus Chromebook CX14

Many SoCs are being prepared for upcoming 2025 devices, and a recent benchmark suggests that a MediaTek chipset could make Chromebooks as fast as they have ever been this year.

Referencing the GeekBench benchmark, ChromeUnboxed discovered the latest scores of the MediaTek MT8196 chip, which has been reported on for some time now. With the chip being housed on the motherboard codenamed ‘Navi,’ the benchmark shows the chip excelling in single-core and multi-core benchmarks, as well as in GPU, NPU, and some other tests run.

Read more
Chrome incognito just got even more private with this change
The Chrome browser on the Nothing Phone 2a.

Google Chrome's Incognito mode and InPrivate just became even more private, as they no longer save copied text and media to the clipboard, according to Windows Latest. The changes apply to Windows 11 and 10 users and were rolled out in 2024. However, neither Microsoft nor Google documented it.

Even though this change is not a recent feature, it's odd that neither tech giant thought it was worth mentioning. Previously, the default setting was that when a user saved text or images to the clipboard history, it was synced with Cloud Clipboard on Windows. Moreover, accessing this synced content was as simple as pressing the Windows and V keys, which poses a security risk, especially when using incognito mode.

Read more