The CryptXXX Ransomware threat is among a growing list of aggressive malware that not only encrypts files but can also steal Bitcoin funds and passwords from a victimized computer. Since its discovery in late March of 2016, CryptXXX Ransomware has been found to spread through exploited browser vulnerabilities and compromised websites.
Researchers from Proofpoint discovered the Trojan horse capabilities of CryptXXX Ransomware, which allow it to steal information in addition to performing its expected file encryption duties. CryptXXX Ransomware places almost no limit on the amount of data it targets for theft on an infected computer.
Ransomware threats are steadily evolving to take on many different malicious activities. The CryptXXX Ransomware threat has adopted data-stealing methods much like those of Trojans known to pilfer data from compromised computers and then use the stolen login credentials to access online banking accounts. The exploitation of legitimate websites is nothing new in the scheme of malware.
Exploiting sites and spreading through compromised sites is, however, relatively new for ransomware threats, CryptXXX included. Maisto.com is among a short list of recently compromised sites that aid in spreading ransomware. Just weeks ago, the Locky Ransomware threat was spread using the Nuclear exploit kit on compromised sites, much like how CryptXXX Ransomware is being propagated.
So far, CryptXXX Ransomware has become the most prevalent threat spread through compromised sites by use of an exploit kit. There is a silver lining, though: CryptXXX Ransomware has a weakness in its encryption. Fundamentally, its encryption can be defeated with the proper tools, which makes paying the ransom to obtain a decryption key unnecessary for restoring the files encrypted by CryptXXX. However, security experts believe that the perpetrators behind CryptXXX Ransomware may update the threat to "fix" its encryption flaw, which would put it in a position to be among the most aggressive threats in the current malware landscape.