New ERROR CryptoMix Ransomware Variant Released

LASER_oneXM

Today, BleepingComputer discovered a new variant of the CryptoMix ransomware that is appending the .ERROR extension to encrypted file names. This article will provide a brief summary of what has changed in this new variant.

As we are always looking for weaknesses, if you are a victim of this variant and decide to pay the ransom, please send us the decryptor so we can take a look at it. You can also discuss or receive support for Cryptomix ransomware infections in our dedicated Cryptomix Help & Support Topic.

Changes in the ERROR Cryptomix Ransomware Variant
While overall the encryption methods stay the same in this variant, there have been some differences. First and foremost, we have a new ransom note with a file name of _HELP_INSTRUCTION.TXT. This ransom note contains instructions to contact either error01@msgden.com, error02@webmeetme.com, or error03@protonmail.com for payment information.

This variant contains 11 public RSA-1024 encryption keys that will be used to encrypt the AES key used to encrypt a victim's files. This allows the ransomware to work completely offline with no network communication.

As this is just a cursory analysis of this new variant, if anything else is discovered, we will be sure to update this article.
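
An added example, not part of the article or the poster's text: a triage script that sweeps a directory tree for the indicators named above (the .ERROR extension, the _HELP_INSTRUCTION.TXT note, and the three contact addresses). The confidence grading, the function names and the sample tree are assumptions of this example.

```python
import os
import tempfile

# Indicators as reported in the article above.
ENCRYPTED_EXT = ".error"              # compared case-insensitively (Windows paths)
NOTE_NAME = "_help_instruction.txt"
CONTACTS = ("error01@msgden.com", "error02@webmeetme.com", "error03@protonmail.com")


def triage(root):
    """Return {directory: finding} for each directory under root showing an indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = [f for f in files if f.lower() == NOTE_NAME]
        contacts = set()
        for note in notes:
            try:
                with open(os.path.join(dirpath, note), errors="replace") as fh:
                    text = fh.read(65536).lower()
            except OSError:
                continue  # an unreadable note still counts as a note by name
            contacts.update(c for c in CONTACTS if c in text)
        if not (encrypted or notes):
            continue
        # Assumed grading: an extension match alone is weak (an application may
        # write its own *.error files); a note naming a listed contact is strong.
        confidence = "high" if contacts or (notes and encrypted) else "low"
        findings[dirpath] = {"encrypted": encrypted, "note": bool(notes),
                             "contacts": sorted(contacts), "confidence": confidence}
    return findings


def demo():
    """Run triage over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "docs/sample1.ERROR": b"\x00" * 16,
            "docs/_HELP_INSTRUCTION.TXT": b"contact error02@webmeetme.com",
            "logs/build.error": b"compiler output",
            "clean/readme.txt": b"nothing to see",
        }
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return {os.path.relpath(d, root): f for d, f in triage(root).items()}


if __name__ == "__main__":
    for directory, finding in sorted(demo().items()):
        print(directory, finding)
```

Point `triage()` at a mounted share or a forensic copy rather than a live volume, and treat "low" results as leads to check by hand.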