CryptXXX is a crypto-ransomware that debuted in April, 2016, and is said to be by the makers of Reveton, a very well-known police ransomware that terrorized victims at the beginning of the decade. Recently, CryptXXX has been spreading rapidly through phishing emails with malicious attachments, which lead to an attack chain using Neutrino and, previously, Angler exploit kits to ultimately download the ransomware.

CryptXXX shows prominence through its active development and rapid evolution. Versions 1 and 2 of this young ransomware were decrypted fairly quickly by Kaspersky, yet a third version which is currently non-decryptable surfaced not long afterwards. The strong capabilities that this ransomware has adapted over time include locking the screen of the victims' machines after encryption and network share encryption, and the use of a downloaded DLL to steal victims' data, which can be used by the criminals for further monetization or for targeted attacks.

ThreatSTOP customers are protected from CryptXXX, as well as Angler and Neutrino exploit kits.