CrypMIC

NJCCIC Threat Profile

Original Release Date: 2016-07-21

CrypMIC targets Windows OS and is distributed via the Neutrino exploit kit. CrypMIC closely mimics CryptXXX in attack vectors, distribution and C2 communication methods, ransom note text, and the user interface of its payment site. However, it does not append any extension to the names of encrypted files, making it difficult to determine which files have been impacted and which variant is responsible. CrypMIC also checks whether it is running in a virtual machine (VM) and sends that information to its C2 server via port 443. To prevent file restoration, CrypMIC deletes Shadow Volume Copies using the vssadmin tool. The ransom payment demand for CrypMIC is 1.2 to 1.4 Bitcoin.

  • Trend Micro provides more information about CrypMIC here.
  • The NJCCIC is not aware of any decryption tools available for CrypMIC.
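Because CrypMIC leaves file names unchanged, the vssadmin shadow copy deletion described above is one of the few host-side signals a defender can alert on. The following detection sketch is an added example, not NJCCIC or Trend Micro code. The profile does not give the exact arguments CrypMIC passes, so it matches any `vssadmin delete shadows` invocation; the event tuple layout and the sample records are constructed for illustration.

```python
from ntpath import basename

# Constructed process-creation records: (time, host, parent image, command line).
SAMPLE_EVENTS = [
    ("2016-07-21T10:02:11Z", "WS-014", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\notepad.exe C:\Users\a\notes.txt"),
    ("2016-07-21T10:05:40Z", "WS-014", r"C:\Windows\System32\rundll32.exe",
     r'"C:\Windows\System32\VSSADMIN.EXE" Delete Shadows /All /Quiet'),
    ("2016-07-21T10:07:02Z", "SRV-02", r"C:\Windows\System32\cmd.exe",
     r"vssadmin list shadows"),
    ("2016-07-21T10:09:30Z", "WS-020", r"C:\Windows\System32\cmd.exe",
     r"cmd.exe /c vssadmin.exe delete shadows /for=C: /quiet"),
]

def vssadmin_args(cmdline):
    """Return the lower-cased arguments that follow vssadmin, or [] if absent.

    Quotes are dropped before splitting so that a quoted image path and a
    quoted `cmd /c "..."` wrapper are both tokenised the same way.
    """
    tokens = cmdline.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        if basename(tok) in ("vssadmin", "vssadmin.exe"):
            return tokens[i + 1:]
    return []

def is_shadow_copy_deletion(cmdline):
    """True only for the destructive `delete shadows` subcommand."""
    return vssadmin_args(cmdline)[:2] == ["delete", "shadows"]

def find_shadow_copy_deletions(events):
    """Build one alert per event that deletes shadow copies."""
    alerts = []
    for ts, host, parent, cmdline in events:
        if not is_shadow_copy_deletion(cmdline):
            continue
        args = vssadmin_args(cmdline)
        alerts.append({
            "time": ts,
            "host": host,
            "parent": basename(parent),   # what launched vssadmin
            "all_volumes": "/all" in args,
            "quiet": "/quiet" in args,    # confirmation prompt suppressed
        })
    return alerts

if __name__ == "__main__":
    for alert in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print(alert)
```

Read-only subcommands such as `list shadows` are deliberately not flagged, so the parent process in each alert is the main field to review during triage.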

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
