New CryptoMix ransomware variant spotted
New CryptoMix ransomware variant spotted

A new CryptoMix ransomware variant has been released that includes a new extension added to the encrypted files, ransom note and new encryption keys.

The variant is being called ERROR, for .error which is the new extension that is added to the encrypted files, reported Bleeping Computer. The ransomware itself and its encryption methods have not been altered, but Bleeping Computer found a new ransom note included that contains three new emails for victims to contact if they wish to pay the ransom, error01@msgden.com,error02@webmeetme.com, and error03@protonmail.com.

This version also uses 11 public RSA-1024 encryption keys to encrypt the AES key that actually locks up the victim's files. This is an important change as it “This allows the ransomware to work completely offline with no network communication.,” Bleeping Computer wrote.

CryptoMix has been updated on a regular basis by the various crews using the ransomware.