Cybercriminals have given CryptoMix ransomware a few minor twists, including adding a new extension name to the encrypted files.
Bleeping Computer‘s founder Lawrence Abrams did a quick overview of the changes, which was uncovered by cybersecurity researcher Michael Gillespie. The main difference is the addition of the .tastylock extension to all encrypted files. The email address used to contact the attacker for payment information has also changed and is now email@example.com.
Abrams noted that the basic encryption method used by this variant are the same as CryptoMix and the ransom not remained a text document named _HELP_INSTRUCTION.TXT.