There’s a new crypto-ransomware brand in-the-wild called “UltraDeCrypter”.
It’s an evolution of CryptXXX that is being dropped by the Angler exploit kit. In our tests, using an older CryptXXX “identification code” with UltraDeCrypter’s decryption service portal redirected to an older CryptXXX portal. So there’s evidence the back ends are interlinked.
Regarding the payment support pages… the number of attempted localizations is very telling of UltraDeCrypter’s ambitions.
Here’s CryptoWall, many months ago.
Localizations: English, Italian, French, Spanish, and German.
Here’s a current payment page related to CryptXXX.
Localizations: all of the above… and six more.
And here’s UltraDeCrypter’s payment page.
25 localizations! It’s a small world after all.
The “Test decryption” page [GIF].