A new version of the CryptXXX Ransomware was discovered by Brad Duncan that includes changes to encrypted file names, uses modified ransom note names, a new template, and a new TOR payment site description. With this release, the ransom notes are now named README.html, README.bmp, and README.txt.
To make it more difficult for administrators, this release no longer uses special extensions for encrypted files. Now an encrypted file will retain the same filename that it had before it was encrypted.
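Because encrypted files no longer carry a distinguishing extension, the ransom note names are the only file-name indicator this article provides. The following is an added example, not part of the original article: a Python sketch that walks a directory tree and reports folders where the three note names appear together. The function names and the sample tree are constructed for illustration, and treating a lone README.txt as benign is an assumption made here to limit false positives.

```python
import os
import tempfile

# Ransom note names reported in the article for this CryptXXX release.
NOTE_NAMES = frozenset({"readme.html", "readme.bmp", "readme.txt"})


def find_note_sets(root):
    """Walk root and report directories that hold the ransom note names.

    Returns (full, partial): 'full' lists directories containing all three
    notes; 'partial' maps directories holding two of the three to the names
    found. A lone README.txt is common in benign software, so it is ignored.
    """
    full, partial = [], {}
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        # Windows file systems are case-insensitive, so compare lowercased.
        found = NOTE_NAMES & {name.lower() for name in filenames}
        if found == NOTE_NAMES:
            full.append(dirpath)
        elif len(found) >= 2:
            partial[dirpath] = sorted(found)
    return sorted(full), partial


def build_sample_tree(base):
    """Create a constructed sample layout (not real incident data)."""
    layout = {
        "docs": ["README.html", "README.bmp", "README.txt", "report.docx"],
        "project": ["README.txt", "main.c"],               # benign lone README
        "photos": ["Readme.HTML", "readme.bmp", "a.jpg"],  # two of three
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for name in names:
            open(os.path.join(base, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        full, partial = find_note_sets(tmp)
        for d in full:
            print("all three notes:", d)
        for d, names in partial.items():
            print("partial set:", d, names)
```

Directories reported with the full set are a starting point for triage; the file names alone do not confirm which files in them were encrypted.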
There have also been some changes to the TOR payment site used by CryptXXX. In the past, CryptXXX had named its payment site using different names such as Google Decryptor and Ultra Decryptor. Now, the devs have changed the TOR site so that it is named Microsoft Decryptor. This version also does not include a method of contacting the ransomware devs if a victim has payment problems.
If anything new is discovered, I will be sure to post it here. For now, if anyone wishes to discuss this ransomware or receive support, you can use the CryptXXX Support & Help Topic.