Security Alert: New Ransomware Promises to Donate Earnings to Charity

Robin Hood CyptMix, a very creative idea to extort money to the victims enticing them to pay for a good cause and telling them to think to have the opportunity to help the children.

Of course, the criminals don’t provide further details on the way they intend to donate the earnings.

“Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help! And We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!” reads the ransom note sent to victims of the CyptMix ransomware shared by the experts at Heimdal Security who spotted the new threat.

It is the first time that experts see this kind of Psychological manipulation in ransomware-based attacks. This new strain of malware is spread through spam emails and drive-by attacks.

Even more curious is that the alleged benefactors called themselves the “Charity Team.”

Victims of the CyptMix ransomware need to pay 5 bitcoins (approximately $2200 at the current price per bitcoin), a ramson very expensive respect other similar threats.

simple-ransomware-infection-chain

But don’t think that the ransomware’s code is a joke, because the threat is as serious as can be. This new strain, which currently lacks an identifying name, reuses large parts of open-source malware code. For example, this ransomware is a CryptoWall 4 variant and it also includes CryptXXX components.

This new strain is delivered the usual method, through spam emails and drive-by attacks, which have become the norm in ransomware attacks.

How to prevent ransomware?

Your best defense: Back up, back up, back up!

The solution to ransomware is fairly simple—at least, for now. Consumers and small businesses with a good backup process will be able to recover much of the data encrypted by the attackers. Companies who are doing backups on-premise should make sure they can recover an image of the data for months in the past and keep multiple copies. Any backups made between the time of infection and when the attack is detected will be encrypted, and thus unrecoverable without paying the ransom.

For that reason, online backups with automatic incremental backups can be a great help, Brian Foster, chief technology officer of network-security firm Damballa, advised. At the very least, companies should be keeping at least one set of backups offsite.

“I’m a big fan of online backups,” he said. “You should expect that, if you get hit by ransomware, you are not going to get the PC back.”

Additionally, some data protection products today allow users to run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” This technology can be useful for recovering from a ransomware attack as well, because it allows you to continue operations while your primary systems are being restored and with little to no downtime. Hexistor’s version of this business saving technology is called Instant Virtualization, which virtualizes systems either locally or remotely in a secure cloud within seconds. This solution ensures businesses stay up-and running when disaster strikes.

sql-azure-backup-logo


 

Downloadable Case Studies:

Hospitality  pdf-iconCryptoLocker

 

Leave a Reply

Your email address will not be published. Required fields are marked *