A new variant of CryptoMix, called WORK Cryptomix, has been discovered. This variant now appends .WORK to the encrypted files. The email contacts in the ransom note have been changed.
The encryption methods stay the same in this variant, there have been some slight differences.
The ransom note is still named _HELP_INSTRUCTION.TXT, but now uses the [email protected], [email protected], [email protected], [email protected], and [email protected] emails for a victim to contact for payment information.
With this version, when a file is encrypted by the ransomware, it will modify the filename and then append the .WORK extension.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.