A new variant of Cryptomix ransomware was spotted in the wild appending.DLL extension to the encrypted files.
According to reports, the new variant is spread through hacked remote desktop services.
The new variant first reported by a user in the Bleeping computer forum saying they were infected through their publicly exposed remote desktop services.
In the new variant after a file is encrypted, a .DLL extension will be appended to the encrypted file’s name.
After encryption, a ransom note named _HELP_INSTRUCTIONS_.TXT will be added to every encrypted file folder which contains details to contact the attacker.
In the ransom note, the victims are asked to email to the specified email address given the ransom note to get details about the payment.
After infection, the ransomware has enabled the default administrator account and changed the password also.
Earlier this year Cryptomix ransomware was seen using stolen data from crowdfunding websites to target victims and claiming that the ransom payment for unlocking encrypted files will be donated to them.
Always follow these basic instructions to protect yourself any Ransomware Infection:
- Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline
- Maintain updated Antivirus software for all systems
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through the browser.
- Keep the operating system and third-party applications (MS office, flash player, browsers, browser Plugins) up-to-date with the latest patches.
- Use strong passwords and never reuse the same password for multiple accounts
You may be interested in reading:Researchers Discovered New Victim of Powerful Triton Malware