The developers behind the Cryptomix ransomware are clearly continuing to develop it.
Hackers have released a new version of Cryptomix that appends the .SERVER extension to encrypted files and uses new e-mail addresses for contact with victims.
Changes in the new ransomware variant
In the new version of the ransomware, called SERVER, the same encryption methods are used, but with some slight differences. The ransom note is still named "_HELP_INSTRUCTION.TXT", but the hackers now use the e-mail addresses "[email protected]", "[email protected]", "[email protected]", "[email protected]" and "[email protected]" so that victims can contact them and receive ransom payment information.
The next noticeable difference is the extension added to encrypted files. In this version, when a file is encrypted, the ransomware changes the file name and then appends the .SERVER extension to the new name. For example, a test file encrypted by this variant may end up with the following file name: 0FEA120D0A516824060636C21EC8BC28.SERVER.
For now, this variant of the ransomware cannot be decrypted for free, because it is brand new and has not yet been analyzed in detail.
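The two file-system indicators described above (the ransom note name and the renamed-file pattern) can be checked with a short triage script. This is an added example, not code from the original article. It assumes that renamed files always consist of 32 hexadecimal characters, which is generalized from the single example name on the page, and the sample directory tree is constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article: ransom note name and appended extension.
RANSOM_NOTE = "_HELP_INSTRUCTION.TXT"
# Assumption: renamed files are 32 hex characters, generalized from the single
# example name on the page (0FEA120D0A516824060636C21EC8BC28.SERVER).
ENCRYPTED_NAME = re.compile(r"[0-9A-F]{32}\.SERVER", re.IGNORECASE)


def classify(filename):
    """Return 'note', 'encrypted', or None for a bare file name."""
    if filename.upper() == RANSOM_NOTE:
        return "note"
    if ENCRYPTED_NAME.fullmatch(filename):
        return "encrypted"
    return None


def scan(root):
    """Walk root and return {directory: {'note': n, 'encrypted': n}} for hits."""
    hits = defaultdict(lambda: {"note": 0, "encrypted": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[dirpath][kind] += 1
    return dict(hits)


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        # Constructed sample names: two indicators, two benign look-alikes.
        for name in ("0FEA120D0A516824060636C21EC8BC28.SERVER",
                     "_HELP_INSTRUCTION.TXT", "report.docx", "notes.SERVER"):
            open(os.path.join(docs, name), "w").close()
        return {os.path.relpath(d, root): c for d, c in scan(root).items()}


if __name__ == "__main__":
    for directory, counts in demo().items():
        print(directory, counts)
```

A directory that contains both the note and renamed files is a stronger signal than either indicator alone; a file such as `notes.SERVER` is deliberately not flagged because it does not match the renamed-file pattern.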