
Cryptomix ransomware receives face lift

The malicious actors behind Cryptomix ransomware have pushed out a new variant, with the primary change being the inclusion of a new extension and minor alterations to the contact info and ransom note.

Bleeping Computer, with a hat tip to MalwareHunterTeam for making the initial discovery, noted that the new variant attaches a .MOLE66 extension to all encrypted files; the encryption methodology, however, remains the same. There is also no known decryptor at this time, so victims must either pay the ransom or use their backup files to restore the impacted system.

There is also a new email address, [email protected], that the victim can use to contact the attacker and pay the ransom, and the note itself is now labeled _HELP_INSTRUCTIONS_.TXT and appears as a notepad document.

The people behind this ransomware campaign appear intent on keeping their malware fresh: two months ago they rolled out a similar update that changed the extension and contact emails.
