Threat Spotlight: LovxCrypt Ransomware

Introduction

A ransomware infection can affect both home users and business organizations. It can result in financial losses if you pay the attacker in an effort to preserve your data, disruption of normal business operations, damage to brand reputation, and, most importantly, the possibly permanent loss of important, sensitive, and critical data – all of which can negatively impact business productivity. Attackers may be either a well-organized cybercrime organization using its own infrastructure to target victims, or a single person working on their own. A single attacker is more likely to buy off-the-shelf malware or modify a piece of code they find to create a new one. Once the attacker has created the ransomware, they only need to find a delivery mechanism to spread it and infect users.

The CrypVault ransomware, first seen around April 2015, uses the GnuPG open-source encryption tool to encrypt files on a victim’s computer. Unlike common ransomware, CrypVault is written entirely in Windows scripting languages such as DOS batch commands, JavaScript and VBScript. Because of this, it is very easy to modify the code to create other variants of it. Any potential cybercriminal with average scripting knowledge should be able to create their own version of it to make money.

We look at a new CrypVault ransomware variant called LovxCrypt that we recently uncovered being spammed as an email attachment.

Delivery Method

Just like any other malware, this one arrives as an attachment to spammed emails with a fake “Resume” theme. The attachment is a zip file which then contains a file with a .CHM extension. We have seen this kind of spammed email format and social engineering trick many times before. Despite the frequency of this method of attack, users still fall for it on a regular basis, which (Read more...)
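A mail-gateway style check for the attachment layout described above (a zip file containing a .CHM file), as an added example that is not part of the original post. The function names and the depth and size limits are assumptions, and the sample archive is constructed in memory. It goes slightly beyond the text by also matching the `ITSF` signature of compiled HTML Help files, so a CHM with a different extension or inside a nested zip is still reported.

```python
import io
import zipfile

CHM_MAGIC = b"ITSF"          # first four bytes of a compiled HTML Help file
ZIP_MAGIC = b"PK\x03\x04"    # local file header of a zip archive
MAX_DEPTH = 2                # assumption: nested archive levels to unpack
MAX_NESTED_BYTES = 10 * 1024 * 1024  # assumption: size cap for nested zips

def find_chm_members(zip_bytes, depth=0, prefix=""):
    """Return sorted (member path, reason) pairs for CHM files in a zip."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            named_chm = info.filename.lower().endswith(".chm")
            if info.flag_bits & 0x1:   # encrypted member: content unreadable
                if named_chm:
                    hits.append((path, "extension"))
                continue
            with archive.open(info) as member:
                head = member.read(4)
            if head == CHM_MAGIC:
                hits.append((path, "extension+magic" if named_chm else "magic"))
            elif named_chm:
                hits.append((path, "extension"))
            elif (head == ZIP_MAGIC and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += find_chm_members(archive.read(info), depth + 1, path + "!")
    return sorted(hits)

def build_zip(members):
    """Build a zip in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: the fake CHM body is only the signature plus padding.
FAKE_CHM = CHM_MAGIC + b"\x00" * 60
SAMPLE = build_zip({
    "Resume.chm": FAKE_CHM,
    "cover_letter.txt": b"hello",
    "extra.zip": build_zip({"Resume.doc": FAKE_CHM}),
})
```

Calling `find_chm_members(SAMPLE)` reports both the plainly named `Resume.chm` and the disguised copy inside `extra.zip`; an attachment that is not a valid zip yields an empty list.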

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Threat Guidance Team. Read the original post at: https://threatmatrix.cylance.com/en_us/home/threat-spotlight-lovxcrypt-ransomware.html