Cyber-criminals have given CryptoMix ransomware a few minor twists, including adding a new extension name to the encrypted files.
Bleeping Computer's founder Lawrence Abrams did a quick overview of the changes, which was uncovered by cyber-security researcher Michael Gillespie. The main difference is the addition of the .tastylock extension to all encrypted files. The email address used to contact the attacker for payment information has also changed and is now firstname.lastname@example.org.
Abrams noted that the basic encryption method used by this variant was the same as CryptoMix and the ransomware remained a text document named _HELP_INSTRUCTION.TXT.