CryptoMix Ransomware for Children’s Charity? Is it true or not? Before we go into detail on this cyber security threat, we should know what CryptoMix is and how it works. CryptoMix is a ransomware strain that was first spotted in March 2016. In early 2017, its author(s) renamed CryptoMix to CryptoShield. The spread of this ransomware can be described as a medium level of prevalence, and it has been steady since its discovery. Once CryptoMix infects a machine, it tries to communicate with its Command and Control (C&C) server to establish a key with which to encrypt files. It uses exploit kits (RIG at the moment) as its main delivery method. CryptoMix pretending to be a children’s charity is not new, but this latest iteration takes it to the next level of depravity by including stories and information taken from legitimate crowdfunding pages for sick children.
This tactic was first reported close to a year ago, when a CryptoMix victim was able to track down the crowdfunding page for the child whose information was being used. At the time it appeared to be a one-time tactic by a single affiliate, but the tactic continues to this day. When a machine is infected, CryptoMix drops a ransom note that contains a variety of email addresses the victim can contact for payment instructions, along with a unique ID associated with their computer.
If a victim contacts one of the email addresses, they receive a reply stating that the senders are from the “Worldwide Children Charity Community”, and it includes a profile of a sick child. This email also contains a link to a message on the One Time Secret site, a service that allows you to share a post that can only be read once before it is deleted.
One thing is clear: the criminal minds behind CryptoMix know exactly what they are doing. They hope to take the sting out of the ransom payment. No money will ever be sent to any children in need, though; everything will go 100% to the criminals. If you ever get infected by this ransomware, do not fall for their mind games and do not pay up. None of the money will ever be donated, and even after paying it remains uncertain whether you will get your files back.
Feel free to contact E-SPIN for assistance with solutions that allow your enterprise to reverse engineer suspect malware and perform malware analysis to protect your nation or enterprise, as well as end-to-end proactive malware and antivirus protection for networks, servers, endpoints and mobile devices against the latest threats and challenges.