Security researchers have discovered a new Cryptomix ransomware campaign using stolen data from crowdfunding websites.
Cryptomix, first spotted in 2016, is a combination of CryptXXX and CryptoWall ransomware.
In this new campaign, the attackers use information about children stolen from crowdfunding websites and claim that the ransom paid to unlock encrypted files will be donated to them.
The new campaign was discovered by security researchers at cyber security firm Coveware.
The attack begins with brute-force attacks targeting weak passwords on RDP ports. Once they have gained access, and before encrypting files, the attackers extract the admin credentials required to move across the network.
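For defenders, the entry point described above leaves a recognizable trace in the Windows Security log: a burst of failed logons from one source followed by a success. The following is an added example, not taken from the researchers' report; the event records, addresses, account names, threshold and window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, shaped like exported Windows Security log events.
# 4625 = failed logon, 4624 = successful logon. LogonType 3 (network, seen for
# RDP with NLA) and 10 (RemoteInteractive) are the types relevant to RDP.
def _ev(ts, event_id, ip, user, logon_type=3):
    return {"time": datetime.fromisoformat(ts), "id": event_id,
            "ip": ip, "user": user, "logon_type": logon_type}

SAMPLE_EVENTS = (
    [_ev(f"2019-01-07T02:14:{s:02d}", 4625, "203.0.113.50", "administrator")
     for s in range(0, 40, 2)]                       # 20 failures in 40 seconds
    + [_ev("2019-01-07T02:14:41", 4624, "203.0.113.50", "administrator", 10)]
    + [_ev("2019-01-07T09:00:00", 4625, "198.51.100.7", "jsmith", 10),
       _ev("2019-01-07T09:00:20", 4624, "198.51.100.7", "jsmith", 10)]  # one typo
)

RDP_LOGON_TYPES = {3, 10}

def find_bruteforce_then_success(events, threshold=10,
                                 window=timedelta(minutes=5)):
    """Return (ip, user, time, failures) for each successful RDP-type logon
    preceded by >= threshold failures from the same source IP within window."""
    failures = defaultdict(list)   # source IP -> timestamps of failed logons
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        if ev["id"] == 4625:
            failures[ev["ip"]].append(ev["time"])
        elif ev["id"] == 4624:
            # Count only failures close enough in time to this success.
            recent = [t for t in failures[ev["ip"]] if ev["time"] - t <= window]
            if len(recent) >= threshold:
                hits.append((ev["ip"], ev["user"], ev["time"], len(recent)))
    return hits

if __name__ == "__main__":
    for ip, user, when, n in find_bruteforce_then_success(SAMPLE_EVENTS):
        print(f"{when} {ip} logged on as {user} after {n} failed attempts")
```

A hit means a guessed password probably worked, so the account and host should be treated as compromised rather than merely targeted.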
After encryption, the victims are presented with a .txt file asking them to send an email to the ransomware distributors.
In the email exchange, the hackers claim to be working for a children's charity community and say that the ransom amount paid will be donated to charity.
According to the researchers, the email contains information about children taken from a crowdfunding website and other sources. The researchers said they have notified the families of children who were affected in the campaign.
The victims are asked to click a link for payment. The page includes payment instructions and further details.
“We are guessing this tactic is meant to assuage the moral hazard associated with paying a ransom. It goes without saying that these cyber criminals did think this through. It is poignantly obvious that the charity is fake, and that the details of the child’s case are lifted from other sites.”
Once the ransom payment is made, victims are given more details about the charity and are told that the payment will be noted in the victim's own name.
Victims affected by Cryptomix are advised to try Avast’s decryption tool and to ask CERT.PL for assistance.