Christmas is a time of goodwill and it seems that the people behind the CryptXXX ransomware aren’t immune as they’re offering a seasonal discount for victims who intend to pay up.
Researchers at data security company Forcepoint have discovered that where previously, victims infected with CryptXXX, also known as UltraCrypter were asked for a payment of 1.2 Bitcoin, in keeping with the season of goodwill, the cyber criminals are now offering decryption at a Christmas discount.
Victims paying their ransom demands can now unlock their files for only 0.5 Bitcoin. The 0.5 Bitcoin rate — around $395 at the current exchange rate — is only being offered until December 31st. The discount is offered via a pop-up window which appears before victims are taken to a Tor-based payments page.
“This highlights that, by providing a seasonal discount on their ransom, these malicious actors have a warped but sound business sense,” says Carl Leonard, principal security analyst at Forcepoint. “Victims may genuinely believe they are receiving a ‘good’ deal to unencrypt their data, but by paying the ransom they are motivating cyber criminals to continue such malicious activities”.
Could this be another sign of how ransomware is becoming more like a mainstream business? Perhaps we’ll see attackers offering more special offers in future. You can find out more on the Forcepoint blog.
Image Credit: Carlos Amarillo / Shutterstock