For now, there's a decryption tool that can help CryptXXX victims Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there’s a tool that can help users decrypt CryptXXX affected files for free.Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users’ computers by exploiting vulnerabilities in their browser plug-ins.If the attack successfully exploits a browser vulnerability, it then installs a malware dropper called Bedep, which in turn installs the CryptXXX ransomware.CryptXXX was first discovered last week by researchers from Proofpoint. In addition to encrypting user files on local drives and network shares, the malware also acts like an information-stealing Trojan. It steals saved log-in credentials from browsers, instant messaging applications, FTP clients and email clients. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files.Maisto.com is not the only recently compromised website that has been used to distribute CryptXXX. Researchers from Palo Alto Networks have observed a large attack campaign using the Angler-Bedep-CryptXXX combo since mid April. The attackers behind that campaign had previously used the Nuclear exploit kit to deliver Locky, a different ransomware program.“CryptXXX is now the default ransomware deployed in at least two major exploit kit campaigns and should be considered a growing cybersecurity threat,” the Palo Alto researchers said in a blog post.The good news is that the current version of CryptXXX seems to have a weakness in its encryption implementation. Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files.While that tool works for now, it’s likely that the malware’s creators will eventually figure out their error and fix it. Therefore, users should focus on prevention rather than remediation.They should keep all of their software programs, and especially browser plug-ins like Java, Flash Player and Silverlight, up to date. They should also regularly back up their files to an external location that’s not always accessible from the computer. Locally mapped network shares are not a good idea, because ransomware programs target those too. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe