The Internet has enabled many global delivery services to flourish, most of which are greatly appreciated by online shoppers. However, there are certain things that nobody appreciates receiving online, such as spam emails with attachments that contain ransomware. Unfortunately, such deliveries are becoming increasingly common nowadays and one variety that has caught the attention of industry experts recently is the CryptXXX ransomware infection. Previously spread via exploit kits including Angler and Neutrino, it is now being distributed by email, embedded as a macro in attached document files. When one of these files is opened, a message pops up explaining that some macros need to be run in order for the document to display properly. Anybody who goes along with this request is in trouble.
What CryptXXX Actually Does
Once a recipient agrees to the running of the macros in the document they open, the CryptXXX ransomware is installed onto their PC and immediately begins scanning the file system. It targets files with a wide variety of extensions, including all the most common text and image files, encrypting them and leaving a ransom note in the relevant folder for each file. As you can probably guess, the ransom notes demand that you send money to the perpetrators, in return for which they will provide you with the key to decrypt your files. They only accept payments in BitCoins, which makes it extremely difficult to track these criminals down.
What Happens if You Don’t Pay?
Many people are naturally disinclined to reward criminal behaviour such as this by paying the ransom but what exactly will happen if you refuse to give in to the demands? According to the notes that have been received, the ransom will double after a certain period of time, then double again after another period of time has elapsed. Finally, or so they claim, the key to decrypt your files will be permanently deleted. For people with very valuable files stored on their computer, these threats are often enough to produce the desired result: the victims send the ransom because they have no other way of decrypting their files. If nobody ever paid the ransoms, these types of malware infections would die out very quickly. Unfortunately, not everybody is in a position to take a stand and so they continue to be distributed on a global basis.
How Can I Protect Myself?
If you are wondering what you can do to protect yourself from CryptXXX and ransomware in general, the easiest way is to use a commercial-grade spam filter to ensure that emails with malicious attachments never reach your inbox in the first place. Cloud-based filters are especially effective for organisations that need to protect a large number of inboxes simultaneously. If you do happen to receive an email from an unknown sender, with a file attached, do not open it. Instead, delete the email immediately. Finally, back up important files to a remote location or to an external hard drive that is then detached from your PC.