New Version of CryptoMix Ransomware Detected

MalwareHunterTeam detected one fresh version of CryptoMix a ransom software which appends encrypted file-names with the extension namely .TEST as well as alters the contact electronic mails which the ransomware uses.

Reportedly, the version's encryption techniques remain same as before; however, certain slight differences have been noticed. While the ransom missive's name continues like before i.e. _HELP_INSTRUCTION.TXT, at present it utilizes the test757xz@yandex.com, test757@protonmail.com, test757@tuta.io, test757@consultant.com and test757xy@yandex.com electronic mails for any victimized user to get in touch for payment details.

Another observable alteration is with the encrypted file name's end. The latest variant of the ransomware when encrypts any file changes the file-name followed with adding .TEST at its end.

The version as well has eleven encryption keys of RSA-1024 intended for public usage and which would get utilized for encoding AES key with which the victim's files are encoded. Consequently, the ransomware is let for functioning entirely off the Internet devoid of any network communication. Hackbusters posted it on bleeping computer dated December 1, 2017.

For safety against ransomware, it's vital to have one tested as well as dependable backup of an end-user's entire data files which are easily retrievable after say a ransomware strike. There must be security software in place too which includes behavioral detections for fighting ransom software in addition to heuristics or signature detections.

Users must exercise certain security practices:
- Maintaining frequent backups.
- Avoiding opening attachments from sources that user can't recognize.
- Opening attachments only after confirming the sender.
- Scanning attachments using programs such as VirusTotal.
- Installing each and every Windows update immediately whenever one is released.
- Making all software up to date, particularly, Adobe Reader, Flash and Java. Older software may have security flaws ordinarily exploitable by malware purveyors, so they must be kept updated.
- Users must have security software loaded which utilizes white list methodology or behavioral detections. Although white listing is likely to be difficult, yet users agreeable to adopt it can gain unbelievably huge payoffs.
- Passwords created must be strong i.e. hard to crack while the same one must not ever be used on multiple websites.

» SPAMfighter News - 12/11/2017