Security Vulnerabilities

New CryptoMix Ransomware Variant

The encryption functionality of this variant is the same as in previous iterations, such as CryptoShield, but this variant uses new contact emails for payment communication. The key is encrypted in a secure way that allows CryptoMix to function offline, with no need for network communication.

Affected Platforms:


Microsoft Windows – all versions

Resolution:

As with all forms of zero-day malware, the first line of defence against new variants of ransomware is user awareness and safe working practices.

To avoid becoming infected with ransomware, ensure that:

  • A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
  • All operating systems, antivirus and other security products are kept up to date.
  • All day-to-day computer activities such as email and internet use are performed using non-administrative accounts, and permissions are always assigned on the basis of least privilege.

To limit the damage of ransomware and enable recovery:

  • All critical data must be backed up, and these backups must be sufficiently protected/kept out of reach of ransomware.
  • Multiple backups should be created including at least one off-network backup (e.g. to tape).





Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
