A new CryptoMix ransomware variant was spotted earlier this week that is infecting users via exploit kits and using 10 static public keys.
Previous versions of the ransomware only used one key and the researchers are spotting infections around the globe. The latest version still encrypts files in a similar manner to other variants in its family however there were a few differences, according to a July 5, Bleeping Computer blog post.
The updated ransomware was spotted around the same time researchers released a decryptor for the .Mole02 CryptoMix ransomware.
The latest version included a new ransom note with a file name and researchers said the extension appended to encrypted files on the new variant differs from other variants. Researchers also noted that it didn’t perform network communication and is completely offline.
“It also embeds ten different RSA-1024 public encryption keys, which are listed below,” the post said. “One of these keys will be selected to encrypt the AES key used to encrypt a victim’s files.”
Michael Gillespie, a member of MalwareHunterTeam who originally spotted the malware told SC Media that other than those differences the ransomware is pretty standard. He added that using backups and “and keeping your browser/plugins/AV/OS properly updated to prevent EKs from working” will help user prevent attacks.
While users are encouraged not to pay if they become infected by the ransomware, those who do are asked to forward their decryptors to Bleeping Computer so that researchers may analyze them.