The CryptoMix ransomware is still alive and kicking as a new variant has been spotted being spread in the wild. This new version appends the .DLL extension to encrypted files and is said to be installed through hacked remote desktop services.
This variant was first reported in a topic in our forums where a victim stated that they were infected by the attackers hacking into their publicly exposed remote desktop services. According to the victim, the ransomware had also enabled the default administrator account and changed its password.
As ransomware continues to move away from malspam distribution and towards manual installation by hacked services or more targeted approaches, it is important to close off all publicly accessible services that can be used to gain access to Windows.
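A detection sketch for the account change the victim reported, added here as an example and not taken from the original article or any vendor tooling: it correlates Windows Security events 4722 (account enabled) and 4724 (password reset) on the built-in Administrator account (RID 500) with the RDP session (4624, logon type 10) that made the change. The event records, reduced field set, SID, IP address and 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

ADMIN = "S-1-5-21-1111111111-2222222222-3333333333-500"  # constructed SID
# Constructed sample records, reduced to the Security-log fields used below.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Time": "2018-05-02T03:11:40", "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetLogonId": "0x5a3f1"},
    {"EventID": 4722, "Time": "2018-05-02T03:14:02",
     "TargetSid": ADMIN, "SubjectLogonId": "0x5a3f1"},
    {"EventID": 4724, "Time": "2018-05-02T03:14:09",
     "TargetSid": ADMIN, "SubjectLogonId": "0x5a3f1"},
    # Routine reset of an ordinary user: must not be flagged.
    {"EventID": 4724, "Time": "2018-05-02T09:30:00",
     "TargetSid": ADMIN[:-3] + "1104", "SubjectLogonId": "0x77aa0"},
]

def _ts(event):
    return datetime.fromisoformat(event["Time"])

def is_builtin_admin(sid):
    # The built-in Administrator always has RID 500, even if renamed.
    return sid.startswith("S-1-5-21-") and sid.endswith("-500")

def find_admin_reactivation(events, window=timedelta(minutes=30)):
    """Flag 4722 + 4724 on the RID-500 account within `window`."""
    # Index RDP (RemoteInteractive, type 10) logons by session id.
    rdp = {e["TargetLogonId"]: e for e in events
           if e["EventID"] == 4624 and e.get("LogonType") == 10}
    findings = []
    for enable in events:
        if enable["EventID"] != 4722 or not is_builtin_admin(enable["TargetSid"]):
            continue
        for reset in events:
            if (reset["EventID"] == 4724
                    and reset["TargetSid"] == enable["TargetSid"]
                    and abs(_ts(reset) - _ts(enable)) <= window):
                # Tie the change back to the session that performed it.
                session = rdp.get(enable["SubjectLogonId"])
                findings.append({
                    "sid": enable["TargetSid"],
                    "enabled_at": enable["Time"],
                    "reset_at": reset["Time"],
                    "via_rdp": session is not None,
                    "source_ip": session["IpAddress"] if session else None,
                })
                break
    return findings

if __name__ == "__main__":
    for finding in find_admin_reactivation(SAMPLE_EVENTS):
        print(finding)
```

A finding with `via_rdp` set and an external `source_ip` is the pattern worth escalating; the same pair of events from a local console session is more likely routine administration.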
Unfortunately, the CryptoMix Ransomware is still not decryptable for free. For those who wish to discuss this ransomware and receive support, you can use our dedicated Cryptomix Help & Support Topic.