Three new CryptoMix ransomware variants released
CryptoMix is a ransomware family that was first spotted in spring 2016. Since then, it has regularly re-emerged in various forms and demonstrated new features each time its developers updated it. One of the most obvious details that changed over time is the file extension the virus uses to mark compromised files and the name of the ransom note.
The most recent versions drop a _HELP_INSTRUCTION.TXT ransom note whose contents depend on the version of the ransomware. In July 2017, CryptoMix started attacking victims with the Zayka, Noob and, most recently, CK versions. Each of these versions is named after the file extension it appends to encrypted files: .zayka, .noob or .CK, respectively.
Each version leaves a different message in the _HELP_INSTRUCTION.TXT file
Although the CryptoMix Noob virus drops a much shorter ransom note than the Zayka version, both of them tell the victim to write to the same email address – [email protected]. The CryptoMix CK version also drops a short ransom note, but lists entirely different email addresses for the victim – [email protected], [email protected], and [email protected].
All of the new versions fully encrypt the victim’s files and replace their original filenames, so the victim cannot tell one file from another.
More variants are very likely to appear shortly. This virus is clearly more sophisticated than the others, and its distribution through the RIG exploit kit only confirms that. The same exploit kit was used in Cerber ransomware campaigns.
Chances of recovering files are slim
At the moment, none of the described ransomware versions can be decrypted using the decryptor previously released by Avast. The decryptor can unlock files marked with .cryptoshield, .rmd, .code, .lesli, .scl, .rscl and .rdmk extensions.
This means that victims whose computers were attacked by the updated versions of the virus will have to use alternative data recovery tools or wait until the decryptor is updated. CryptoMix ransomware has been defeated once, so there is hope that security professionals will succeed in creating another data recovery tool shortly.
Until then, ransomware victims should remove the Zayka, CK or Noob virus without hesitation. This task must be completed precisely, so an anti-malware tool should be used. Ransomware is no typical computer program, and inexperienced computer users therefore shouldn’t attempt to delete it manually. The vast majority of such attempts fail and can permanently damage all files on the system.
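The indicators named above (the three new extensions, the _HELP_INSTRUCTION.TXT note, the renamed files, and the extensions the Avast decryptor handles) can be turned into a quick triage check. The script below is an added example, not code from the article or from any vendor: it walks a file listing, counts which variant's extension appears, flags ransom notes, and reports whether the affected extensions are ones the article says the decryptor covers. The file listing is constructed for the example, and the all-hex-stem test for renamed files is an assumption of this example, not a detail the article provides.

```python
"""Triage a file listing for the CryptoMix indicators named in the article.

Added example, not from the article. SAMPLE_LISTING is constructed; the only
page-provided facts are the extensions and the ransom-note filename.
"""
from collections import Counter
from pathlib import PurePosixPath

RANSOM_NOTE = "_HELP_INSTRUCTION.TXT"

# Extensions appended by the July 2017 variants (from the article).
NEW_VARIANT_EXTS = {".zayka": "Zayka", ".noob": "Noob", ".ck": "CK"}

# Extensions the earlier Avast decryptor can handle (from the article).
DECRYPTOR_EXTS = {".cryptoshield", ".rmd", ".code", ".lesli", ".scl", ".rscl", ".rdmk"}


def looks_renamed(stem):
    """Heuristic (assumption, not from the article): the variants replace the
    original filename, so a long all-hex stem suggests the file was renamed."""
    return len(stem) >= 16 and all(c in "0123456789abcdefABCDEF" for c in stem)


def classify(path):
    """Return (kind, detail) where kind is one of
    'note', 'new_variant', 'decryptable' or 'clean'."""
    p = PurePosixPath(path)
    if p.name.upper() == RANSOM_NOTE:
        return "note", path
    ext = p.suffix.lower()          # .CK is uppercase on disk; compare case-insensitively
    if ext in NEW_VARIANT_EXTS:
        return "new_variant", NEW_VARIANT_EXTS[ext]
    if ext in DECRYPTOR_EXTS:
        return "decryptable", ext
    return "clean", None


def triage(listing):
    """Summarise a listing and give the next step the article implies."""
    notes, new_variants, decryptable = [], Counter(), Counter()
    renamed = 0
    for path in listing:
        kind, detail = classify(path)
        if kind == "note":
            notes.append(detail)
        elif kind == "new_variant":
            new_variants[detail] += 1
            renamed += looks_renamed(PurePosixPath(path).stem)
        elif kind == "decryptable":
            decryptable[detail] += 1

    if new_variants:
        advice = ("new variant: no public decryptor yet; preserve the encrypted "
                  "files, remove the malware, wait for an updated decryptor")
    elif decryptable:
        advice = "older variant: the Avast decryptor covers this extension"
    elif notes:
        advice = "ransom note found but no known extension: collect samples for analysis"
    else:
        advice = "no CryptoMix indicators"
    return {"notes": notes, "new_variants": dict(new_variants),
            "decryptable": dict(decryptable), "renamed": renamed, "advice": advice}


# Constructed listing for the example (hex names stand in for renamed files).
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/_HELP_INSTRUCTION.TXT",
    "C:/Users/alice/Documents/0A1B2C3D4E5F60718293A4B5C6D7E8F9.zayka",
    "C:/Users/alice/Documents/F9E8D7C6B5A49382716050F4E3D2C1B0.zayka",
    "C:/Users/alice/Pictures/_HELP_INSTRUCTION.TXT",
    "C:/Users/alice/Pictures/holiday.CK",
    "C:/Users/alice/Pictures/cat.jpg",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

Feed `triage` the output of a directory walk (for example `str(p)` for each `p` in `Path(root).rglob("*")`) on a mounted image of the affected disk rather than on the live system, so the check itself touches nothing the ransomware may still be watching.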