CryptMix Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 5,968
Threat Level: 80 % (High)
Infected Computers: 2,555
First Seen: May 5, 2016
Last Seen: September 14, 2023
OS(es) Affected: Windows

The CryptMix Ransomware is a ransomware Trojan. However, the CryptMix Ransomware has a twist that's quite unexpected, particularly if compared to other encryption ransomware Trojans. Apparently, the CryptMix Ransomware claims that it will donate part of the money gathered from its attacks to a children's charity. The CryptMix Ransomware is being distributed by a group of con artists that calls itself the 'Charity Team.' The CryptMix Ransomware ransom note claims that part of the money will go to a charity that benefits children. The CryptMix Ransomware was first observed in the spring of 2016. PC security researchers strongly advise computer users to avoid paying the CryptMix Ransomware ransom. Apart from these supposed claims, the CryptMix Ransomware is no different from other ransomware Trojans, designed to take your money by holding your files hostage.

What are the CryptMix Ransomware Actions After Infecting a Computer

The CryptMix Ransomware has elements of various encryption ransomware families. The CryptMix Ransomware seems to be a combination of versions 3.0 and 4.0 of CryptoWall and the ransomware Trojan CryptXXX. From these combined elements, the CryptMix Ransomware got its name. The CryptMix Ransomware is currently being spread through drive-by-downloads. Essentially, the CryptMix Ransomware is hosted on corrupted websites that may include an exploit kit. These exploit kits use vulnerabilities on the victim's computer to deliver the CryptMix Ransomware automatically. Computer users may be directed to the websites associated with the CryptMix Ransomware through redirect scripts on compromised websites or links embedded in spam email messages. When the victims open a link in a spam email message, their Web browser is sent to the attack website immediately, where vulnerabilities in the victim's computer are used to download and install the CryptMix Ransomware.

The CryptMix Ransomware Attack

When the CryptMix Ransomware enters the victim's computer, it starts encrypting the victim's files automatically. The CryptMix Ransomware can encrypt 862 different types of files. The CryptMix Ransomware adds the extension '.CODE' to files that it has encrypted. After encrypting the victim's files, the CryptMix Ransomware delivers ransom notes to the victim's desktop. The CryptMix Ransomware uses both an HTML ransom note associated with CryptXXX and a text file note that may be associated with CryptoWall variants. The ransom note is straightforward: it claims that the victim's files were encrypted using the RSA-2048 encryption. It contains an identifier, and the victim is asked to email one or two different email addresses to receive instructions on payment and how to decrypt the files.

When computer users send an email to one of these email addresses, they are provided with a link and password to the One Time Secret, a service that allows computer users to send each other anonymous messages. The ransom demanded by the CryptMix Ransomware is very costly. The CryptMix Ransomware demands a payment of five BitCoin, which is approximately $2,200 USD at the current exchange rate. This is especially high when one considers that most ransomware Trojans demand a ransom of somewhere between 0.5 and 1.5 BitCoin. The CryptMix Ransomware claims that part of the ransom amount will be used to contribute to a charity that benefits children. However, the people responsible for the CryptMix Ransomware also use threats, claiming that if the payment isn't carried out right away, the infected users will have to pay twice the amount after 24 hours. One ironic aspect of the CryptMix Ransomware is that the con artists responsible for this attack offer to 'sweeten the deal' by offering three years of technical support, which is completely ridiculous considering who is offering it.

Decrypting the files encrypted by the CryptMix Ransomware is currently not possible without access to the decryption key. For that reason, the best solution when handling the CryptMix Ransomware is to restore the encrypted files from a backup after removing the CryptMix Ransomware. Back up all files on an external device or the cloud to avoid these problems in the future.
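To plan the restore described above, the following Python script (an added example, not part of the original write-up) inventories files carrying the '.CODE' extension and checks which originals exist in a backup. It assumes the extension is appended to the original name (for example 'report.docx.CODE'); the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".CODE"  # extension this page attributes to CryptMix


def original_name(name: str) -> str:
    """Assumption: the suffix was appended, so 'a.docx.CODE' was 'a.docx'."""
    return name[: -len(ENCRYPTED_SUFFIX)]


def build_restore_plan(affected_root, backup_root):
    """Return (restorable, missing): relative paths of the original files
    that do / do not have a copy under backup_root."""
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if not name.lower().endswith(ENCRYPTED_SUFFIX.lower()):
                continue
            if len(name) == len(ENCRYPTED_SUFFIX):
                continue  # a file named just '.CODE' has no original name
            rel = (Path(dirpath) / original_name(name)).relative_to(affected_root)
            bucket = restorable if (backup_root / rel).is_file() else missing
            bucket.append(rel.as_posix())
    return sorted(restorable), sorted(missing)


def demo():
    """Build a small constructed tree and return the resulting plan."""
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = Path(tmp, "affected"), Path(tmp, "backup")
        for rel in ("docs/report.docx.CODE", "photos/cat.jpg.code", "notes.txt"):
            p = affected / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample data")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.docx").write_bytes(b"clean copy")
        return build_restore_plan(affected, backup)


if __name__ == "__main__":
    ok, gone = demo()
    print("restore from backup:", ok)
    print("no backup copy found:", gone)
```

Run it read-only against the affected volume after the malware has been removed; files in the second list have no backup counterpart and should be preserved as-is rather than deleted.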
