New Cryptomix ransomware variant released

05.01.2018

SERVER-Criptomix-ransomware

 

Obviously, the developers behind the Cryptomix ransomware do not stop developing it.

Hackers have released a new version of Cryptomix that adds the .SERVER extension to encrypted files and uses new emails to contact their victims.

Changes in the new ransomware variant

In the new version of the ransomware, called SERVER, the same encryption methods are used, but with some slight differences. The ransom note is still called "_HELP_INSTRUCTION.TXT," but hackers now use the e-mail "[email protected]", "[email protected]", "[email protected]", "[email protected]" and "[email protected]" to enable victims to contact hackers and receive ransom payment information.

The next noticeable difference is the extension added to the encrypted files. In this version, when the file is encrypted, the ransomware changes the file name and then adds the .SERVER extension to the name of the already encrypted file. For example, a test file encrypted by this variant of the ransomware may have the following encrypted file name: 0FEA120D0A516824060636C21EC8BC28.SERVER.

Still, this variant of the ransomware cannot be decrypted for free because it is brand new and has not yet been analyzed in detail.

Would you like to comment on this article?

Share

Featured

12.01.2018

New banking malware FakeBank can intercept messages to steal data and money

FakeBank malware can steal sensitive information from the device including phone numbers, balance on a linked bank card and location data.

05.01.2018

New Cryptomix ransomware variant released

Hackers have released a new version of Cryptomix that adds the .SERVER extension to encrypted files.

04.01.2018

Meltdown and Specter vulnerabilities affect Intel, ARM, AMD processors

Almost all PCs, laptops, tablets and smartphones are in danger, regardless of manufacturer or operating system.

Sign up for our online newsletter!