Robin Hood Ransomware? CryptMix Promises to Donate Earnings to Charity

Researchers at Heimdal Security recently reported the discovery of a ransomware strain that seemingly gives a "philanthropic" twist to the online extortion business model. While the malware operates much like earlier ransomware, the ransom note that the data kidnappers leave differs markedly in how it coerces victims into paying: it promises to donate the ransom to a children’s charity.

According to the blog post, the new ransomware variant, called “CryptMix,” uses distribution methods that resemble those of traditional ransomware variants: spam and drive-by downloads. Once the malware penetrates the system, CryptMix encrypts over 862 file types and appends the .CODE extension to them. A payment of 5 Bitcoins is demanded, amounting to a hefty US $2,200, which is higher than the average ransom asked by other families reported in the past.


The note, written in broken English and signed by "Charity Team," reads: “Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help!”

However, if the ransom is not paid to obtain the private key for the encrypted files, the amount to be paid doubles within 24 hours, which heightens the victim's sense of urgency. The note continues, “And We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!”

The charity mentioned in the CryptMix ransom note was not identified, which makes it difficult to verify the authenticity of its philanthropic claims. However, the researchers behind the discovery highlight that the new ransomware strain should not be taken lightly. The blog states, “Don’t think that the ransomware’s code is a joke, because the threat is as serious as can be. This new strain reuses large parts of open-source malware code. For example, this ransomware is a CryptoWall 4 variant and it also includes CryptXXX components.”

Recently, the uptick in ransomware sightings over the past few months has illustrated not just a progression in terms of volume but also an evolution of methods and capabilities. This trend has compelled authorities to shore up efforts to minimize the damage it causes to consumers and organizations.

Just last month in California, the war waged against data kidnapping took the form of a senate bill that calls for specific penalties for those who spread and profit from ransomware.

California State Senator Bob Hertzberg cites FBI statistics in a call for authorities and security experts to help create laws that would fight this type of online extortion. In the US, ransomware has caused over $206 million in recorded damages in the first three months of 2016 alone, a far cry from the $25 million recorded in all of 2015.

