CryptMix is a type of ransomware which claims that ransom fees will be donated to a children’s charity.[1] The CryptMix threat combines large portions of other open source ransomware code: CryptoWall 3.0, CryptoWall 4.0 and CryptXXX. CryptMix was created by a group calling themselves “The Charity Team.”[2]

CryptMix
Classification: Ransomware
Authors: The Charity Team
Technical details
Written in: English

Operation

A single link sent via spam email directs victims to a malicious website, after which files on the network are encrypted. A message then appears on the screen explaining that the files have been locked with an RSA-2048 algorithm and urging the user to email one of two email addresses to recover them. CryptMix automatically begins encrypting 862 different file types on a victim’s device as soon as it is installed. Encrypted files can be recognized by the .code file extension.[3]

Recovery of files

Victims are sent a link and password to a secret website and told that they must pay ฿5 (an estimated $35,000) to recover lost files. This amount doubles unless the sum is paid within 24 hours.[4] The ransomware creators tell victims that ransom money will go toward a children’s charity. Victims are also promised three years of “free tech support.”

Decryption tools cannot be used to regain access to encrypted files. At this time, there is no known method to decrypt compromised files.

References

  1. Tehrani, Rich. "Cryptmix Hacktrepeneurs Use Guilt Trip Ransomware Angle". Apex Technology Services. Retrieved 8 May 2016.
  2. Cimpanu, Catalin. "New Cryptmix Ransomware Promises to Give Money to a Children's Charity". Softpedia. Retrieved 4 May 2016.
  3. Howler, Christine. "CryptMix Ransomware involves Children's Charity Scheme!". theregister.co.uk. Retrieved 10 May 2016.
  4. Bisson, David. "Ransomware promises to pay ransom fees to children's charity". Graham Cluley. Retrieved 5 May 2016.