CryptXXX Ransomware Spreads Through Popular Toy Maker Site Maisto.com

The CryptXXX Ransomware threat is among a growing list of aggressive malware that not only encrypts files but can also steal Bitcoin funds and passwords from a victimized computer. Since its discovery in late March of 2016, CryptXXX Ransomware has been found to spread through exploited browser vulnerabilities and compromised websites.

Among the most recent methods of spreading the CryptXXX Ransomware threat is the website of U.S. toy maker Maisto, maisto.com. Researchers discovered that the maisto.com website was infected with malicious JavaScript that loads the Angler exploit kit, a popular exploit kit known for spreading ransomware threats. The web-based attack installs malware on a user's computer by exploiting web browser plug-in vulnerabilities. From there, the attack installs the Bedep malware dropper, which then installs CryptXXX Ransomware.

Researchers from Proofpoint discovered the Trojan horse capabilities of CryptXXX Ransomware, which can steal information in addition to performing its expected file encryption duties. CryptXXX Ransomware puts almost no limit on the amount of data it targets for theft on an infected computer.

Ransomware threats are steadily evolving to master many different malicious activities. Among those activities, the CryptXXX Ransomware threat has adopted data-stealing methods much like those of Trojans that are known to pilfer data on compromised computers and then use the stolen login credentials to access online banking accounts. The exploitation of legitimate websites is nothing new in the scheme of malware.

Exploiting sites and spreading through compromised sites is relatively new for ransomware threats and CryptXXX. Maisto.com is among a short list of recently compromised sites that aid in spreading ransomware. At one time, just weeks ago, the Locky Ransomware threat was spread using the Nuclear exploit kit on compromised sites, much like how CryptXXX Ransomware is being propagated.

So far, CryptXXX Ransomware has become the most prevalent threat spread through compromised sites by use of an exploit kit. There is a silver lining, however: CryptXXX Ransomware has a weakness in its encryption abilities. Fundamentally, CryptXXX Ransomware's encryption can be defeated with the proper tools, which makes paying the ransom for a decryption key unnecessary for restoring all files encrypted by CryptXXX. Security experts believe, though, that the perpetrators behind CryptXXX Ransomware may update the threat to "fix" its encryption flaw, which would put it in a position to be among the most aggressive threats in the current malware landscape.