CryptMix is a type of ransomware which claims that ransom fees will be donated to a children’s charity. The CryptMix threat combines large portions of other open source ransomware code: CryptoWall 3.0, CryptoWall 4.0 and CryptXXX. CryptMix was created by a group calling themselves “The Charity Team.”
Contents
Operation
A single link sent via spam email sends victims to malicious websites and encrypts files on the network. A message is then prompted on the screen explaining that files have been locked with an RSA-2048 algorithm, and urges the user to email one of two email addresses to recover files. CryptMix automatically begins to encrypt 862 different file types on a victim’s device as soon as it gets installed. Infected files can be recognized by .code file extension.
Recovery of files
Victims are sent a link and password to a secret website and told that they must pay ฿5 (an estimated $2,200) to recover lost files. This amount doubles unless the sum is paid within 24 hours. The ransomware creators tell victims that ransom money will go toward a children’s charity. Victims are also promised three years of “free tech support.”
Decryption tools cannot be used to regain access to encrypted files. At this time, there is no known method to decrypt compromised files.