CryptXXX

CryptXXX is ransomware distributed through the Angler exploit kit. After infiltration, CryptXXX encrypts various files stored on local and mounted drives using RSA-4096, an asymmetric encryption algorithm. Because the algorithm is asymmetric, a key pair is generated during the encryption process: a public key (to encrypt) and a private key (to decrypt). To restore the files, victims need the private key, which is stored on command and control (C&C) servers owned by the cybercriminals. To receive the decryptor (with the embedded private key), victims supposedly have to pay a ransom. In addition, CryptXXX collects various private data (browsing details, cookies, etc.).