
TestCryptoMix Ransomware

By GoldSparrow in Ransomware

The TestCryptoMix Ransomware is an encryption ransomware Trojan that seems to be related to the CryptoMix Ransomware, a ransomware family that has spawned multiple variants. Like many other encryption ransomware Trojans, the TestCryptoMix Ransomware is spread to computer users through corrupted spam email attachments. There is very little to differentiate the TestCryptoMix Ransomware from the many other encryption ransomware Trojans active today, especially those in the CryptoMix family. Computer users should take special care when opening email messages with unsolicited attachments to prevent TestCryptoMix Ransomware infections, and should keep file backups in a safe place so that affected files can be recovered after an attack.

How the TestCryptoMix Ransomware Infects a Computer

Threats like the TestCryptoMix Ransomware tend to function in similar ways. The purpose of these attacks is to take the victim's files hostage, encrypting them with a powerful encryption algorithm and then demanding a ransom payment in exchange for the decryption key. The TestCryptoMix Ransomware is delivered in the form of a corrupted Microsoft Word document containing macro scripts that download and install the TestCryptoMix Ransomware onto the victim's computer. Once the TestCryptoMix Ransomware is installed, it initiates its attack by scanning the contents of the victim's hard drives and using a combination of AES and RSA encryption to make the victim's files inaccessible. The files that may be encrypted in attacks similar to those of the TestCryptoMix Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the TestCryptoMix Ransomware has encrypted a file, it renames it: the original file name is replaced with a string of 32 random characters and a new extension, '.TEST', is added to the end. The affected files stay in the same locations. These are all tactics that have been observed countless times before in other encryption Trojans, and there is very little that is different about the TestCryptoMix Ransomware.

The TestCryptoMix Ransomware's Ransom Demands

The TestCryptoMix Ransomware's main purpose is to generate revenue at the expense of the victim. To do this, the TestCryptoMix Ransomware delivers a ransom note in the form of a text file named '_HELP_INSTRUCTION.TXT', which is dropped on the infected computer's Desktop. The full text of the TestCryptoMix Ransomware ransom note reads:

'Hello!
Attention! All Your data was encrypted!
For specific informartion, please send us an email with Your ID number:
test757@tuta.io
test757@protonmail.com
test757xz@yandex.com
test757xy@yandex.com
test757@consultant.com
Please send email to all email addresses! We will help You as soon as possible!
IMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!
DECRYPT-ID-[RANDOM CHARACTERS] number'

Although computer users may need to get back their files desperately, they must refrain from paying the TestCryptoMix Ransomware ransom. The people responsible for these kinds of attacks are very unlikely to help computer users recover from one of these infections, and they are just as likely to demand additional payments or continue to harass the victim. Instead, it is important to have file backups on an external device to allow for easy and quick recovery of files affected by the TestCryptoMix Ransomware.
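
The file-system traces described above (files renamed to 32 random characters plus '.TEST', a '_HELP_INSTRUCTION.TXT' note, and a 'DECRYPT-ID-' line inside the note) can be checked for during triage. The following script is an added example, not part of the original write-up or any vendor tool; the alphanumeric character set for the 32-character name and the function names are assumptions.

```python
import os
import re
import sys

# Indicators come from the write-up above. The page only says "32 random
# characters"; treating them as alphanumeric is an assumption.
ENCRYPTED_RE = re.compile(r"[0-9A-Za-z]{32}\.TEST", re.IGNORECASE)
NOTE_NAME = "_HELP_INSTRUCTION.TXT"
DECRYPT_ID_RE = re.compile(r"DECRYPT-ID-(\S+)")

def classify(filename):
    """Return 'encrypted', 'note' or None for a bare file name."""
    if filename.upper() == NOTE_NAME:
        return "note"
    if ENCRYPTED_RE.fullmatch(filename):
        return "encrypted"
    return None

def read_decrypt_id(path):
    """Pull the victim ID out of a ransom note for the incident record."""
    try:
        with open(path, "r", errors="replace") as fh:
            match = DECRYPT_ID_RE.search(fh.read())
    except OSError:  # locked or unreadable note: report the file, skip the ID
        return None
    return match.group(1) if match else None

def scan(root):
    """Walk root and collect renamed files, ransom notes and victim IDs."""
    report = {"encrypted": [], "notes": [], "decrypt_ids": set()}
    # onerror swallows unreadable directories so one ACL does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            full = os.path.join(dirpath, name)
            if kind == "encrypted":
                report["encrypted"].append(full)
            elif kind == "note":
                report["notes"].append(full)
                victim_id = read_decrypt_id(full)
                if victim_id:
                    report["decrypt_ids"].add(victim_id)
    return report

if __name__ == "__main__":
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(result["encrypted"]), "renamed files;", len(result["notes"]),
          "notes; IDs:", ", ".join(sorted(result["decrypt_ids"])) or "none")
```

Run it against a mounted copy or backup of the affected volume; a hit on the file-name pattern alone is weak evidence, while the pattern together with the note in the same tree is a strong match.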
