The cat and mouse game between Bitcoin ransomware developers and security researchers continues. The CryptXXX developers have come up with another improvement to their malware. A change in ransom note may not be significant, but the change in Tor payment site is rather interesting. It is the second time in a few weeks the developers have upped the ante again.

Another CryptXXX Update Is Here

One thing the developers of CryptXXX left unchanged is how the same type of encrypted files extensions remains. For administrators, this is not good news, as the ransomware is no longer using a dedicated file extension for encrypted files. Everything else, including the payment page where the Bitcoin funds have to be transferred to, has been updated.

The method of distributing CryptXXX has not changed by any means, though. The Neutrino exploit kit is still being utilized, and a severe spam attack is underway to target as many computers and networks as possible. After all, there’s very little reason to change a winning formula, and malware remains a profitable business for internet criminals.

Perhaps the biggest change is how the CryptXXX payment will be completed in a different environment. A new .onion website has been created to which users are redirected. The site has also undergone a name change and is now known as Microsoft Decryptor. More worryingly, infected users dealing with payment issues will no longer have an opportunity to contact the ransomware developers.

For the time being, CryptXXX remains to most popular type of Bitcoin ransomware the world has seen. It is also responsible for the less-than-graceful downfall of the Angler exploit kit for Neutrino. With its continual updates from the developers, CryptXXX is a grave concern for computer users and security researchers alike.

It is also becoming much harder to spot CryptXXX distribution campaigns. The pseudo-Darkleech campaign, for example, obfuscates the code relatively well. Internet criminals continue to refine their techniques, and stay researchers ahead by several steps. This trend will continue for quite some time to come.

Image credit 1

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.