CryptoMix Ransomware Developers Struggle to Keep Their Creation Relevant

There are new types of ransomware popping up on a weekly basis. The vast majority of new ransomware types are based on existing source code. The CryptoMix code is especially popular among developers, though that may change in the near future. It appears the developers using this code are slowly running out of ideas, as no new features have come to fruition and the names have been getting eerily similar. EMPTY CryptoMix is nothing special by any means.

CryptoMix Ransomware may Come to an end Soon

There have been a few dozen different versions of CryptoMix ransomware to date. Not all of those variants introduced major changes under the hood, though. In fact, it appears the big changes have been exhausted for quite some time now, and the only remaining course of action was to come up with new file extensions when the encryption process takes place. The latest variant of the CryptoMix family is called “EMPTY,” which does nothing different from any other recent variation of this malware strain.

This does not mean the new CryptoMix variant is not a big threat, though. There is no free decryption tool available for the EMPTY variant just yet, although that situation may change in the near future. It looks very similar to other recent variations of the same ransomware family, but it uses a different file extension to encrypt files.  Other than that, there are no major changes and everything else is the same as it has been for several months now. Because this ransomware family has been quite prevalent, security researchers have come up with quick solutions to decrypt files free of charge.

The main change in this variant is how it appends the .EMPTY file extension to encrypted files. This does not mean the file itself is suddenly empty, though, since this is not a data wiper. Indeed, the developers are running out of ideas to make CryptoMix better and more lucrative, which is a good sign for the rest of the world. If threats like these slowly fade away, the war against ransomware will eventually end. Unfortunately, there are plenty of other threats to deal with in this particular industry.

There is also a slight variation in the ransom note distributed as part of the EMPTY CryptoMix variant. It asks victims to send emails to three different email addresses in order to receive payment instructions. This further confirms that most ransomware developers are looking for ways to get rid of central command & control servers to issue payment instructions. It also makes it a bit more difficult to shut down these ransomware strains, though. At least it also shows how the ransomware industry is changing, as it requires a lot more effort to make money with malware now than just a few months ago.

For the time being, it is unclear how much money victims will need to pay to have their files decrypted. We have seen different types of ransomware charge a fee between US$20 and US$5,000 lately. With the Bitcoin price spiking to new heights, criminals have become a lot bolder when it comes to ransom payment amounts. Everyone wants to get rich as quickly as possible, and it only takes a few Bitcoins to accumulate a lot of money. Proper criminals will look for anonymous payment solutions such as PaySafeCard and gift cards.

The ransomware industry undergoes change on a regular basis. Earlier this year, CryptoMix ransomware was considered to be one of the biggest threats of 2017. Eight months in and the developers have no fresh ideas. They are clearly struggling to keep their creations relevant. It is unclear what the future holds for CryptoMix, but for now, things are not looking all that great. The rest of the world will not shed a tear over its struggles.