Security researchers have observed a new variant of CryptoMix ransomware named Azer. This ransomware encrypts files in almost similar manner to all other variants in CryptoMix family.
Azer differs by adding the string “email-[[email protected]].AZER” to the encrypted files. It performs no network communication and works completely offline.
Security researchers first spotted the CryptoMix ransomware in March 2016 and during early 2017 the authors renamed CryptoMix to CryptoShield. CryptoMix code quality is quite low compared to other ransomware families and it even comprises flaws that may cause user’s files to become undecryptable. There have been several reports where users paid the unusual extortion amount (5 to 10 Bitcoins) and were subsequently left without decrypted files.
Affected Platforms: Microsoft Windows – All Versions
To avoid becoming infected with ransomware, ensure that:
- A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
- All operating systems, antivirus and other security products are kept up to date.
- All day to day computer activities such as email and internet are performed using non-administrative accounts and that permissions are always assigned on the basis of least privilege.
- Your organisation adopts a holistic all round approach to Cyber Security as advocated by the “10 Steps To Cyber Security”.
To limit the damage of ransomware and enable recovery:
- All critical data must be backed up, and these backups must be sufficiently protected/kept out of reach of ransomware.
- Multiple backups should be created including at least one off-network backup (e.g. to tape).