May 1, 2017 By Lawrence Abrams
A new CryptoMix, or CryptFile2, variant has been released that now uses the .[payment_email].ID[VICTIM_16_CHAR_ID].WALLET extension for encrypted files. This is very annoying, as it makes it more difficult for victims to identify which ransomware they are infected with when they perform web searches. This is because the .WALLET extension has already been used by Dharma/Crysis and Sanctions, and now we have CryptoMix. Currently the payment email addresses are shield0@usa.com, admin@hoist.desi, and crysis@life.com.
This variant was discovered by independent security researcher R0bert R0senb0rg and later identified as CryptoMix by MalwareHunterTeam. I decided to take a look at the sample and take a deeper dive to see what has changed since the previous Revenge variant was released.
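For triage, a file listing can be checked against the extension pattern and payment addresses described above. The following is an added example, not code from the article or the researchers; it assumes the square brackets in the pattern are literal and the 16-character ID is alphanumeric, and the function names and sample file names are constructed for illustration.

```python
import re
from collections import Counter

# Payment addresses listed in the article.
KNOWN_EMAILS = {"shield0@usa.com", "admin@hoist.desi", "crysis@life.com"}

# Assumptions: brackets are literal, the ID is 16 alphanumeric characters,
# and matching is case-insensitive.
SUFFIX = re.compile(
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"
    r"\.ID\[(?P<vid>[0-9A-Za-z]{16})\]\.WALLET$",
    re.IGNORECASE,
)

def parse_name(name):
    """Return (email, victim_id, email_is_listed) for a matching name, else None."""
    m = SUFFIX.search(name)
    if not m:
        return None
    email = m.group("email").lower()
    return email, m.group("vid").upper(), email in KNOWN_EMAILS

def triage(names):
    """Summarise a listing: full-pattern matches, IDs, emails, ambiguous names."""
    report = {"matches": 0, "victim_ids": Counter(),
              "emails": Counter(), "other_wallet": []}
    for name in names:
        hit = parse_name(name)
        if hit:
            email, vid, _ = hit
            report["matches"] += 1
            report["victim_ids"][vid] += 1
            report["emails"][email] += 1
        elif name.lower().endswith(".wallet"):
            # .WALLET alone is ambiguous: the article notes other families use it.
            report["other_wallet"].append(name)
    return report

# Constructed sample listing (not real victim data).
SAMPLE = [
    "A1B2C3.[shield0@usa.com].ID[0123456789ABCDEF].WALLET",
    "report.docx.[ADMIN@HOIST.DESI].ID[0123456789abcdef].wallet",
    "photo.jpg.wallet",
    "notes.txt",
    "x.[someone@example.com].ID[SHORT].WALLET",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Names that end in .WALLET but do not carry the full email-and-ID suffix are reported separately, since the bare extension does not identify the family.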