Threat Management, Malware, Ransomware

Latest CryptoMix ransomware adds .Exte extension to files

Share

A new variant CryptoMix ransomware is appending the .EXTE extension to the names of the folders it captures.

The malware was spotted by Malwarebytes malware researcher Marcelo Rivero and was further investigated by Bleeping Computer researchers who noted the encryption methods appear to be the same used in previous CryptoMix attacks, according to a July 14 blog post.

Researchers also noted the latest version continues to use the same 10 public RSA keys as the the previous AZER version, one of which will be selected to encrypt the AES key used to encrypt a victim's files.

In addition to the new extension, the latest version also includes a new ransom note named of _HELP_INSTRUCTION.TXT. This note contains instructions to contact either [email protected][email protected], or [email protected] for payment information.

While its recommended users don't pay the ransom, those who do are encouraged to send their decryption keys to researchers who can then scan them for weaknesses.  

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.