Cryptomix ransomware receives face lift

The malicious actors behind Cryptomix ransomware have pushed out a new variant, with the primary change being the inclusion of a new extension and minor alterations to the contact info and ransom note.

Bleeping Computer, with a hat tip to MalwareHunterTeam for making the initial discovery, noted that the new variant attaches a .MOLE66 extension to all encrypted files; however, the encryption methodology remains the same. There is also no known decryptor at this time, so victims must either pay the ransom or use their backup files to restore the impacted system.

There is also a new email address, alpha2018a@aol.com, that the victim can use to contact the attacker and pay the ransom, and the note itself is now labeled _HELP_INSTRUCTIONS_.TXT and appears as a Notepad document.

The people behind this ransomware campaign appear intent on keeping their malware fresh, as two months ago they rolled out a similar update changing the extension and contact emails.