Skip to main content

HKCERT Alerts on "CryptXXX" Ransomware

Release Date: 7 Jun 2016 1657 Views

Having reported a new monthly-high of 59 incidents of ransomware attacks in May, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council today (7 June 2016) urges the public to keep up vigilance against ransomware. HKCERT figures showed that while the number of Locky incidents had tailed off, a new ransomware, "CryptXXX", has emerged and taken up the charge with 32 cases in May. Most of the victims were local home users, educational organizations and SMEs.

Cyber criminals use compromised websites and malicious banner ad loaded in normal websites to spread "CryptXXX". Visitors to these websites are redirected to another site that hosts the attack. It will exploit security vulnerabilities in the victim computers and try to install "CryptXXX". Once infected, their files will be encrypted and added with a ".crypt" file extension. Criminals will demand the victims to pay a ransom in bitcoins for the decryption key, with further raise for any delays in payment. However, there is no guarantee the victims can obtain the key to recover their data.

HKCERT warns that the lucrative returns will lure more ransomware groups to enter the arena with higher ransom demands. More ransomware that are more difficult to trace will continue to emerge, which will target Mac and Linux operating systems and mobile devices.

To guard against ransomware attacks, HKCERT urges Internet users to regularly backup their computer data and keep an offline copy, keep security software updated, and patch system and other software. They must turn off the macro feature of Microsoft office, and only re-enable it temporarily when necessary and under secure condition. Any suspicious-looking emails should also be deleted.

For incidents reporting or enquiries, please contact the HKCERT hotline at tel: (852) 8105 6060, or email: [email protected].