FBI Issues Another Ransomware Warning, CryptXXX 2.006 Bypasses Free Decryption

May 09, 2016
Ryan Kalember, senior vice president of Cybersecurity Strategy

New types of ransomware continue to emerge, and cybercriminals show no signs of slowing down. We recently discovered four new ransomware variants, including CryptXXX, which is strongly linked to both a sophisticated threat actor and to Angler, the world’s biggest exploit kit by volume. Today we uncovered CryptXXX 2.006, which is resistant to decryption tools that worked against its first version.

In response to this trend, the FBI recently issued yet another alert anticipating a continued increase in ransomware attacks and infections, and last week a public utility in Michigan joined the list of public victims. Ransomware forced Michigan’s Lansing Board of Water & Light (BWL) to shut down all corporate IT and even phone systems for an entire week. While it appears that this was not a targeted attack against SCADA or industrial control systems, the degree of disruption the ransomware infection caused was eye-opening.

Many healthcare providers, local government agencies, and even police departments have decided that paying a ransom to very bad people is the lesser evil when compared to an interruption in the critical services they provide to their constituents. Ransomware infections have real consequences if they secure a foothold within organizations and encrypt information.

According to our Q1 research, 24% of document attachment-based email attacks featured Locky ransomware. We don’t have figures on the new variants yet, but we expect them to proliferate as well. Our recommended ransomware prevention and recovery steps are published separately. Please watch our Threat Insight blog for the latest on our ransomware discoveries and trends.