Ransomware depends on speed. Quick infections and tight payment timelines compel users to pay up or risk the loss of critical files, while rapid iteration lets malware-makers stay one step ahead of security experts.

As noted by Bleeping Computer, new strains of CryptoMix malware are now hitting networks within weeks of each other — a tactic previously used by Locky ransomware to confuse and confound users. Here’s a look at the newest crypto variants.

Extended Issues

According to the Bleeping Computer piece, two new variants of CryptoMix have appeared in recent weeks: NOOB and ZAYKA. The main difference is the extension each appends to encrypted files: NOOB appends .NOOB, and ZAYKA appends .ZAYKA.

Each variant also carries a different RSA public key, which is used to encrypt the AES key that actually locks the victim’s files, but both point to the same address for payment. Both drop a ransom note named _HELP_INSTRUCTION.TXT, although the malware-makers have put varying amounts of effort into communicating their demands.

In the NOOB version, the ransom note offers only the bare minimum, opening with “Need back files?” before listing the contact email addresses and a decrypt ID.

The ZAYKA variant, meanwhile, explains that victims must pay the ransom in bitcoins, suggests where to buy them and promises to decrypt three files for free as a show of good faith, so long as the files contain no valuable information and total less than 1 MB. This version also makes it clear that time is running out: it informs users that “the price depends on how fast you write to us” and warns that if no email arrives within 36 hours, all decryption keys will be deleted, according to Bleeping Computer.

CryptoMix: Off and Running?

Other variants of CryptoMix have also emerged over the last few weeks. SC Magazine described the .EXTE version, which appends that extension and lists contact addresses at several email hosts for arranging payment. Bleeping Computer also reported on Azer, a variant of CryptoMix that used a new file path for its ransom note and unusual contact email addresses. But what really sets Azer apart is its ability to work offline.

Rather than relying on traceable network communication to fetch or register a key, this version embeds 10 different RSA-1024 public keys in the binary and selects one of them to encrypt the AES key, a step up from the single RSA-1024 key used by the recent Mole02 variant. Because no key exchange with a command-and-control server is needed, blocking or sinkholing the attacker’s infrastructure does not stop the encryption, and the private keys needed for recovery never touch the victim’s machine. Azer is notable because it operates in a space often assumed to be safe from ransomware: machines with no network access.
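The hybrid scheme described above (a fresh AES key per victim, wrapped with one of several RSA public keys embedded in the binary, no network round trip), as an added Go example written for this page and not code from Azer or any CryptoMix variant. The blob layout, the AES-256-GCM choice, OAEP padding and the one-byte key index are assumptions made here for illustration; the article only says that the AES key is encrypted with one of ten embedded RSA-1024 public keys. The sample text is constructed. The point for defenders: the machine doing the encrypting never holds a private key, so blocking command-and-control traffic changes nothing, and recovery depends entirely on whoever holds the matching private half.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// KeySet is the operator's side. Only Public is embedded in the sample; Private never leaves the operator.
type KeySet struct {
	Private []*rsa.PrivateKey
	Public  []*rsa.PublicKey
}

// NewKeySet generates n RSA key pairs. 1024 bits only mirrors the article; it is below any modern minimum.
func NewKeySet(n, bits int) (*KeySet, error) {
	ks := &KeySet{}
	for i := 0; i < n; i++ {
		k, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		ks.Private = append(ks.Private, k)
		ks.Public = append(ks.Public, &k.PublicKey)
	}
	return ks, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptOffline is the victim-side flow: fresh AES-256 key, one embedded RSA public key picked at
// random, AES key wrapped with RSA-OAEP. Nothing here touches the network. Assumed blob layout
// (not Azer's real format): [1 byte key index][2 byte wrap length][wrapped key][12 byte nonce][AES-GCM ciphertext]
func EncryptOffline(pubs []*rsa.PublicKey, plaintext []byte) ([]byte, error) {
	if len(pubs) == 0 || len(pubs) > 255 {
		return nil, errors.New("need between 1 and 255 public keys")
	}
	secret := make([]byte, 1+32+12) // key-selector byte (modulo bias is harmless here), AES-256 key, GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	idx, aesKey, nonce := int(secret[0])%len(pubs), secret[1:33], secret[33:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pubs[idx], aesKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	header := []byte{byte(idx), 0, 0}
	binary.BigEndian.PutUint16(header[1:], uint16(len(wrapped)))
	header = append(append(header, wrapped...), nonce...)
	// The header rides along as associated data, so index and wrapped key are covered by the GCM tag.
	return gcm.Seal(append([]byte(nil), header...), nonce, plaintext, header), nil
}

// Decrypt is the operator-side recovery. It needs the private key matching the stored index,
// so it fails with any other key set and on any modified blob.
func Decrypt(ks *KeySet, blob []byte) ([]byte, error) {
	if len(blob) < 3 || int(blob[0]) >= len(ks.Private) {
		return nil, errors.New("short blob or no private key for its index")
	}
	idx, wlen := int(blob[0]), int(binary.BigEndian.Uint16(blob[1:3]))
	if len(blob) < 3+wlen+12 {
		return nil, errors.New("blob truncated")
	}
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ks.Private[idx], blob[3:3+wlen], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[3+wlen:3+wlen+12], blob[3+wlen+12:], blob[:3+wlen+12])
}

func main() {
	ks, err := NewKeySet(10, 1024)
	if err != nil {
		panic(err)
	}
	blob, err := EncryptOffline(ks.Public, []byte("constructed sample document"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(ks, blob)
	fmt.Printf("embedded key %d used, %d-byte blob, recovered %q, err=%v\n", blob[0], len(blob), pt, err)
}
```

An analyst holding only the sample can read the key index out of a blob and can confirm that ten public keys are present, but neither fact helps recover files; only the matching private key does, which is why host-side controls (backups, behavioural detection of mass file rewrites) matter more against this design than network blocking.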

While many CryptoMix versions aren’t exactly cutting edge, the fast pace of deployment gives this malware an edge over competing families. Just as security researchers solve current issues, new variants emerge in the wild. Most are small modifications to existing encryption methods, but occasional departures such as Azer make it tough for victims and experts alike to crack down on crypto code.
