Attackers are using a new method of psychological influence to force victims to pay a ransom: they entice victims to pay for a good cause, telling them they have the opportunity to help children.
Ransomware Trojan CryptMix Demands Money To Help Children

Recently, ransomware has been gaining more and more popularity among cybercriminals, and almost every week there is a new encrypting Trojan. Some use ransomware to enrich themselves at the expense of innocent victims, while others use it to extract funds for charity.
Experts from Heimdal Security, a company that protects users and companies from cybercriminal activity by keeping confidential information and intellectual property safe, have discovered a new encrypting Trojan, CryptMix, which entices victims to pay for a good cause by telling them they have the opportunity to help children.
This new strain of malware is spread through spam emails and drive-by attacks. It is the first time that experts have seen this kind of psychological manipulation in ransomware-based attacks, but most likely the loud statements are only a means of putting psychological pressure on the victim.
The ransom note sent to the victims of the CryptMix ransomware reads: “Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help! And We trust that you are a kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!”
As mentioned earlier, CryptMix spreads via phishing emails and drive-by attacks. It encrypts all the files on the infected system, and the extortionist then demands a ransom of 5 bitcoins (about $2,200) for their restoration, which is an unusually large sum for an encrypting Trojan.
The malware is based on open-source code and is a variant of CryptoWall 4 with components of CryptXXX. However, the malware authors have also fixed the vulnerability that allowed Kaspersky Lab to create a tool for recovering files encrypted by CryptXXX.