April 23, 2019 By David Bisson 2 min read

Security researchers report that the operators of a new CryptoMix ransomware variant, referred to as DLL CryptoMix after the extension it appends to encrypted files, are breaking into victims' machines over publicly exposed Windows Remote Desktop Services (RDS) and installing the ransomware themselves.

Bleeping Computer first learned of the variant when a victim reported an infection in its forums. According to the user, the attackers got in through the machine's publicly exposed Remote Desktop Services and then installed the DLL CryptoMix variant. As part of the intrusion, they also apparently enabled the computer's built-in Administrator account and changed its password. The report does not say how the attackers authenticated to RDS in the first place, so the entry point should be treated as the exposed service itself rather than any particular RDS vulnerability.

The sample analyzed by Bleeping Computer appended the .DLL extension to the name of each file it encrypted. It then dropped a ransom note instructing the victim to send their infection ID to several email addresses, including dllteam@protonmail[dot]com and dllpc@mail[dot]com, and promising that payment instructions would follow as soon as the attackers heard from the victim at all of the listed addresses.

The Changing Face of CryptoMix

At the beginning of the year, Coveware observed a CryptoMix campaign whose ransom note claimed that all payments would go to a fictitious children's charity. In March, Bleeping Computer spotted a variant using the .CLOP or .CIOP extensions that appeared to have shifted its focus from individual computers to entire networks.

This attack also comes amid the growing costs associated with a ransomware attack. In April, Coveware observed that the average payment associated with ransomware in Q1 2019 had risen to $12,762 — an 89 percent increase from Q4 2018’s average of $6,733.

How to Defend Against DLL CryptoMix

Because this intrusion began with Remote Desktop reachable from the Internet, the first defense is to make sure RDS is not directly exposed: put a VPN or remote desktop gateway in front of it, require Network Level Authentication on the host, and restrict the inbound firewall rule to known source addresses. Given that the attackers enabled the built-in Administrator account and reset its password, security teams should also check that account's state and review account-management and RDP logon events for the same pattern. Beyond that, a robust backup strategy, with backup policies vetted and restores tested regularly so the organization knows it can recover viable copies, limits the damage of any ransomware that does get in, and an endpoint management solution keeps endpoint software up to date and gives greater visibility into the production environment.
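The following PowerShell script is an added example, not code from the article or from Bleeping Computer, that audits a single Windows host for the conditions behind the intrusion described above: Remote Desktop enabled without Network Level Authentication, an RDP firewall rule open to any address, the built-in Administrator (RID 500) account enabled, and recent Security-log events for account enabling (4722), password resets (4724) and RemoteInteractive logons (4624 with logon type 10). It assumes Windows 10 or Windows Server 2016 or later, PowerShell 5.1 or newer, an elevated session on a workstation or member server (Get-LocalUser is not available on a domain controller), and that account-management and logon auditing are enabled so the events exist; the seven-day lookback and the 2000-event cap are assumptions, not values from the article.

```powershell
# Added example: audit a host for the DLL CryptoMix entry conditions described in the article.
# Assumptions: Windows 10 / Server 2016+, PowerShell 5.1+, elevated session, not a domain controller,
# Security log auditing enabled. Lookback window and event cap are arbitrary choices.
$Lookback = (Get-Date).AddDays(-7)
$Findings = [System.Collections.Generic.List[string]]::new()

# 1. Is Remote Desktop enabled, and is Network Level Authentication required?
$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
$nla = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication
if ($ts.fDenyTSConnections -eq 0) {
    $Findings.Add('RDP is enabled (fDenyTSConnections = 0).')
    if ($nla.UserAuthentication -ne 1) {
        $Findings.Add('NLA is NOT required (UserAuthentication != 1): unauthenticated clients reach the logon screen.')
    }
}

# 2. Is the RDP listener reachable from anywhere? An enabled inbound "Remote Desktop" rule whose
#    RemoteAddress is "Any", with no VPN or gateway in front, is the exposure the victim had.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    if ($remote -eq 'Any') {
        $Findings.Add("Firewall rule '$($rule.DisplayName)' allows RDP from any remote address.")
    }
}
if (Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue) {
    $Findings.Add('TCP/3389 is listening; confirm it is not forwarded from the Internet edge.')
}

# 3. State of the built-in Administrator account (RID 500). The attackers enabled it and reset
#    its password, so an enabled RID-500 account with a recent PasswordLastSet deserves a look.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
if ($builtin -and $builtin.Enabled) {
    $Findings.Add("Built-in Administrator ('$($builtin.Name)') is ENABLED; password last set $($builtin.PasswordLastSet).")
}

# 4. Security-log events matching the described tampering.
#    4722 = user account enabled, 4724 = password reset attempt; Properties[0] is the target account name.
$acctEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4722, 4724; StartTime = $Lookback } `
    -ErrorAction SilentlyContinue
foreach ($e in $acctEvents) {
    $Findings.Add("$($e.TimeCreated) event $($e.Id) on account '$($e.Properties[0].Value)'")
}

#    4624 with LogonType 10 (RemoteInteractive) is an RDP logon.
#    Properties[8] = LogonType, [5] = TargetUserName, [18] = source IpAddress.
$logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Lookback } `
    -MaxEvents 2000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 }
foreach ($e in $logons) {
    $Findings.Add("$($e.TimeCreated) RDP logon as '$($e.Properties[5].Value)' from $($e.Properties[18].Value)")
}

if ($Findings.Count -eq 0) { 'No findings.' } else { $Findings }
```

Run it in an elevated PowerShell session on the host being checked. An empty result for step 4 does not prove nothing happened: if the Audit User Account Management or Audit Logon subcategories are off, or the Security log has rolled over, the events were never recorded or are already gone, which is itself worth fixing before the next intrusion.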
