Ransomware grifters offer to donate proceeds of crime to charity

Pay up and feel like you're doing something good, say dastardly villains


Ransomware crooks are offering to donate ransom fees to a children's charity. Security experts dismiss the promise as “psychological manipulation” from unscrupulous crooks.

The offer comes from the “kind-hearted” slingers of “CryptMix”, one of a growing number of crypto-ransomware strains menacing Windows users worldwide.

CryptMix spreads by tricking users into either opening booby-trapped emails or visiting websites compromised with malicious code that sprays exploits in the direction of visiting surfers (drive-by downloads). Both techniques are, of course, standard hacking tactics.

CryptMix is a mashup of code found in CryptoWall 4.0 and CryptXXX, other ransomware pathogens. Kaspersky Lab recently released a decryption tool that facilitates the recovery of files on computers compromised by CryptXXX.

Even though CryptMix relies in part on routines from CryptXXX, the decryption utility offers no relief. That’s because the unknown miscreants behind CryptMix have fixed coding shortcomings inherited from its parent that allowed Kaspersky’s tool to work, rendering the last-resort security utility useless in the process.

That means there’s currently no means of recovering from CryptMix, short of paying off ransomware-peddling scoundrels – an unsure process, even at the best of times.

CryptMix demands approximately 5 Bitcoins (approximately $2,200) from victims, more than the going rate. Marks are given the consolation that their money will “go towards a worthy cause”, at least if the boiler-plate ransomware demand from the self-styled “Charity Team” is taken at face value.

The rather garbled message CryptMix throws up is reproduced below:

Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help!

And We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!

That the proceeds of crime might be turned towards philanthropy is not beyond the realms of possibility but seems highly unlikely. For one thing, the pledge would be difficult, if not impossible, to verify, especially without knowing the name of the charity supposedly benefiting from what can only be described as ill-gotten gains.

The threat by the ransomware slingers – hardly the most trustworthy types to begin with – to double their extortion demands where a victim fails to pay up within 24 hours hardly inspires confidence, either.

And the offer of “FREE tech support for solving any PC troubles for 3 years” seems to be a transparently empty promise. How would victims get in touch again with attackers, for one thing, even without thinking about trusting the help of a group that’s already infected your machine and ripped you off?

Heimdal Security, the Danish security vendor that spotted the “Robin Hood” variant of the increasingly popular ransomware scam, is highly sceptical.

“While there’s no way of telling the truth (at the moment), we can hardly trust cyber criminals to have a kind and generous side to them,” Heimdal’s Andra Zaharia writes. “Real life is nothing like the movies.”

More commentary on the scam – as well as tips to defend against ransomware more generally – can be found in a blog post by security blogger David Bisson here. ®

