CrypMIC Ransomware

By GoldSparrow in Ransomware

The CrypMIC Ransomware, a ransomware Trojan released recently, seems to have been created as a way to monetize on the recent success of another encryption ransomware Trojan, the CryptXXX. The CrypMIC Ransomware imitates several substantial characteristics of CryptXXX, including its delivery method, ransom note and the website for payment. It is entirely possible that the CrypMIC Ransomware was hastily created as a quick way to make a profit at the expense of computer users.

The Mic that Enters your Computer Silently

The CrypMIC Ransomware, like CryptXXX, is being distributed using the Neutrino Exploit Kit. Computer users are directed to an attack website hosting this exploit kit via corrupted links that may be embedded in spam email messages. Low-quality advertising content also may redirect computer users to these attack websites, where the CrypMIC Ransomware is installed on their computers. Once on the victim's computer, the CrypMIC Ransomware uses a custom protocol to communicate with its Command and Control server over TCP port 443, a characteristic that was also present in CryptXXX. Files encrypted by the CrypMIC Ransomware are more difficult to recognize than those encrypted by CryptXXX, though. While CryptXXX changed the files' extension, making it easy to tell which files had been encrypted, the CrypMIC Ransomware leaves file names and extensions as they are, making it difficult to know which files were affected by its encryption. The CrypMIC Ransomware is also more effective than CryptXXX at detecting virtual environments and preventing PC security researchers from observing its code.
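Because the CrypMIC Ransomware encrypts files in place without renaming them, the usual triage step of listing files by a new extension does not work. The following Python script is an added example (not code from the original article or from any vendor tool) showing the defender's alternative: compare each file's leading bytes against the header its extension promises, and treat a missing header combined with ciphertext-like entropy as a likely encrypted file. The magic-byte table, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for the demonstration; a production scanner would use a full file-type database such as libmagic.

```python
import math
import os
import tempfile
from collections import Counter

# Illustrative magic-byte table (assumption: a real scanner would use a fuller
# file-type database). Several Office formats are ZIP containers.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}

# Bits per byte. Ciphertext and compressed data sit close to 8.0; plain text
# and most document headers sit well below this (assumed tuning value).
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_file(path: str, sample_size: int = 4096) -> dict:
    """Flag a file whose extension promises a known header that is absent
    and whose leading bytes look like ciphertext. Both conditions are
    required: a .zip is high-entropy but keeps its header, and an unknown
    extension gives no header to compare against."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    expected = MAGIC.get(ext)
    magic_ok = expected is None or head.startswith(expected)
    entropy = shannon_entropy(head)
    return {
        "name": os.path.basename(path),
        "known_type": expected is not None,
        "magic_ok": magic_ok,
        "entropy": round(entropy, 2),
        "suspicious": (not magic_ok) and entropy > ENTROPY_THRESHOLD,
    }


def scan_tree(root: str) -> list:
    """Inspect every regular file under root; returns one dict per file."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            findings.append(inspect_file(os.path.join(dirpath, name)))
    return findings


def build_demo_tree() -> str:
    """Create a constructed sample directory (not real victim data):
    a clean PDF, a clean ZIP, and a PDF whose contents were overwritten
    with a full-range byte stream standing in for ciphertext."""
    root = tempfile.mkdtemp(prefix="crypmic_demo_")
    ciphertext_like = bytes(range(256)) * 16  # 4096 bytes, entropy exactly 8.0
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 100,
        "archive.zip": b"PK\x03\x04" + ciphertext_like,
        "invoice.pdf": ciphertext_like,  # encrypted in place, extension untouched
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_demo_tree()):
        print(finding)
```

Run against a real tree, only `invoice.pdf`-style files (known extension, header gone, near-maximal entropy) are reported; the ZIP is deliberately included to show why entropy alone would produce false positives on compressed archives and Office documents.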

Like most threatening ransomware Trojans, the CrypMIC Ransomware carries out a typical attack that involves encrypting the victim's files and withholding the decryption key until the victim pays an elevated ransom in Bitcoin; the demanded amount presently ranges anywhere between $800 and $1500 USD. One of the most threatening aspects of the CrypMIC Ransomware is that, like CryptXXX, this encryption ransomware Trojan also doubles as a data collector. The CrypMIC Ransomware will collect passwords and credentials from several applications. The CrypMIC Ransomware also may spread throughout a network quickly since it can encrypt files on network drives and removable storage devices. The CrypMIC Ransomware, however, will only encrypt network shares that have been mapped to a drive letter, rather than scanning the network for shares automatically. This capacity to spread makes the CrypMIC Ransomware particularly threatening to businesses and enterprise systems. Its information-collecting capabilities, however, also make it a significant threat to individual computer users' privacy. The CrypMIC Ransomware will collect credentials and data from the following types of applications:

  • Drive-mapping utility tools (FTP, WebDAV, HTTP and SFTP clients)
  • Windows-based file managers
  • Distributed file system clients that manage remote files, such as those from the cloud
  • Remote desktop tools (RDP, VNC servers)
  • VoIP and Internet dialers
  • Video chat software
  • Web application frameworks (e.g. ASP.NET)
  • VPN clients
  • Instant messaging clients (including those designed for businesses)
  • Download managers
  • Web browsers
  • Email clients
  • Online poker gaming software

Dealing with the CrypMIC Ransomware and Similar Ransomware Trojans

Since the CrypMIC Ransomware both collects and encrypts data, it poses a real threat to computer users and businesses. However, remember that paying the CrypMIC Ransomware's ransom does not guarantee that the computer user will have their files restored. You need to remember that you are dealing with con artists, who are not known for keeping their word. Most importantly, paying the CrypMIC Ransomware's ransom helps these con artists continue developing and improving these threats to carry out more attacks. This is especially true of the CrypMIC Ransomware, because the decryptor its developers deliver after the ransom is paid has been reported not to work correctly in all instances. Computer users are advised to follow the recommendations below to stay protected from the CrypMIC Ransomware and similar threats:

  • Back up all files regularly to an off-site storage device.
  • Keep all computers updated with the latest security patches.
  • Always use a reliable, fully updated anti-malware application.

1 Comment

is there any way to recover these encrypted files?
