DLL Cryptomix Ransomware Variant Installed Via Remote Desktop

LASER_oneXM

Feb 4, 2016
The CryptoMix ransomware is still alive and kicking as a new variant has been spotted being spread in the wild. This new version appends the .DLL extension to encrypted files and is said to be installed through hacked remote desktop services.

This variant was first reported in a topic in our forums where a victim stated that they were infected by the attackers hacking into their publicly exposed remote desktop services. According to the victim, the ransomware had also enabled the default administrator account and changed its password.

As ransomware continues to move away from malspam distribution and towards manual installation by hacked services or more targeted approaches, it is important to close off all publicly accessible services that can be used to gain access to Windows.

Unfortunately the CryptoMix Ransomware is still not decryptable for free. For those who wish to discuss this ransomware and receive support, you can use our dedicated Cryptomix Help & Support Topic.
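The account change reported above (built-in administrator enabled and its password changed after an RDP intrusion) leaves Windows Security log events 4624 (logon type 10), 4722 and 4724. The following is an added example, not part of the original post or article, that correlates them by logon session; the event records are constructed and the function name is hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample records; keys follow Windows Security log field names.
ADMIN_SID = "S-1-5-21-1111111111-2222222222-3333333333-500"  # RID 500 = built-in Administrator
SAMPLE_EVENTS = [
    {"EventID": 4624, "Time": "2018-05-01T02:10:00", "LogonType": 10,
     "IpAddress": "203.0.113.45", "TargetUserName": "svc_backup", "TargetLogonId": "0x5a1f"},
    {"EventID": 4722, "Time": "2018-05-01T02:14:00", "SubjectLogonId": "0x5a1f", "TargetSid": ADMIN_SID},
    {"EventID": 4724, "Time": "2018-05-01T02:15:00", "SubjectLogonId": "0x5a1f", "TargetSid": ADMIN_SID},
    # Benign: console logon, help desk resets an ordinary user's password.
    {"EventID": 4624, "Time": "2018-05-01T09:00:00", "LogonType": 2,
     "IpAddress": "-", "TargetUserName": "helpdesk", "TargetLogonId": "0x9c20"},
    {"EventID": 4724, "Time": "2018-05-01T09:05:00", "SubjectLogonId": "0x9c20",
     "TargetSid": "S-1-5-21-1111111111-2222222222-3333333333-1104"},
]

def find_builtin_admin_takeover(events, window=timedelta(minutes=30)):
    """Flag RDP sessions that both enabled (4722) and reset the password of (4724) the RID-500 account."""
    # 4624 with LogonType 10 is a RemoteInteractive (RDP) logon.
    rdp = {e["TargetLogonId"]: e for e in events
           if e["EventID"] == 4624 and e["LogonType"] == 10}
    changes = {}  # logon id -> {event id: timestamp}
    for e in events:
        if e["EventID"] in (4722, 4724) and e["TargetSid"].startswith("S-1-5-21-") \
                and e["TargetSid"].endswith("-500"):
            changes.setdefault(e["SubjectLogonId"], {})[e["EventID"]] = datetime.fromisoformat(e["Time"])
    findings = []
    for logon_id, seen in changes.items():
        logon = rdp.get(logon_id)
        if logon is None or not {4722, 4724} <= set(seen):
            continue  # not an RDP session, or only one of the two changes was made
        start = datetime.fromisoformat(logon["Time"])
        if all(start <= t <= start + window for t in seen.values()):
            findings.append({"logon_id": logon_id, "account": logon["TargetUserName"],
                             "source_ip": logon["IpAddress"], "logon_time": logon["Time"]})
    return findings

if __name__ == "__main__":
    for f in find_builtin_admin_takeover(SAMPLE_EVENTS):
        print("built-in Administrator enabled and password reset over RDP:", f)
```

Both account events require "Audit User Account Management" to be enabled, and 4624 requires logon auditing; without them the Security log holds nothing to correlate.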
 
