Ransomware promises to donate ransom fees to a children's charity

That’s right! Malware authors have a heart too… or a guilt card.

A new ransomware variant is promising victims that their ransom fees will be donated to a children's charity.

Heimdal Security explains in a blog post that the ransomware, known as "CryptMix," borrows from other, better-known crypto-ransomware samples circulating in the wild.

Large portions of open-source malware code belonging to CryptoWall 4.0 and CryptXXX, for example, appear in this latest variant.

Unfortunately, victims of CryptMix cannot use a decryption tool recently developed by Kaspersky Lab for CryptXXX to regain access to their encrypted files. The malicious actors behind this hodge-podge of crypto-ransomware foresaw that possibility, so they took it upon themselves to fix the implementation errors that allowed that particular recovery tool to work.

At this time, there is no known method by which victims of CryptMix can decrypt their files.

Simple ransomware infection chain

This newest ransomware sample is delivered like most other crypto-malware: through spam mail and drive-by downloads.

Once it has finished installing on a victim's computer, it then proceeds to encrypt some 862 different file types and append the .CODE extension onto each infected file before displaying its ransom message.

CryptMix demands approximately 5 Bitcoins (approximately US $2,200) from its victims, which is quite a bit more than most crypto-malware ask for.

But that's not even the most interesting part of this ransomware.

After instructing victims where to send their money, the ransom message reads:

"And now most important information: Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help! And We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!"

To "sweeten" the deal, the ransom message promises two things: three years of free tech support... and a doubling of the ransom fee if the victim doesn't pay in 24 hours.

Can we trust that the ransomware authors will actually donate the money to charity? Our answer is a resounding "no." As noted by Heimdal:

"While there’s no way of telling the truth (at the moment), we can hardly trust cyber criminals to have a kind and generous side to them. Real life is nothing like the movies."

It's important to take malware authors for what they are and block their efforts as much as possible. With that in mind, never click on suspicious links, always keep an updated anti-virus solution on your computer, and implement software patches as soon as they become available.

Also, be sure to maintain a regular backup of your files. That way you will never need to bow to ransomware authors and pay their demands - even if some miscreant should encrypt your files.

One Response

  1. Bill

    May 10, 2016 at 3:10 pm #

    Great article! My question is what are we doing to find the people responsible and convicting them of a crime? These people should be put in jail for this.