New CryptXXX changes name to Microsoft Decryptor


Brad Duncan has discovered a new version of the CryptXXX ransomware that changes how encrypted files are named and uses modified ransom note names, a new template, and a new TOR payment site description. With this release, the ransom notes are now named README.html, README.bmp, and README.txt.

To make things more difficult for administrators, this release no longer uses special extensions for encrypted files. An encrypted file now retains the same filename that it had before it was encrypted.
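Because encrypted files keep their names, triage has to rely on something other than extensions. The following added example (not from the original article or any tool it mentions) walks a directory tree, finds folders holding all three ransom notes named above, and lists files whose leading bytes no longer match the signature their extension implies. It assumes the notes are dropped beside encrypted files and that encryption overwrites the file header; `triage`, `header_mismatch` and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Ransom note names the article reports for this CryptXXX release.
NOTES = {"readme.html", "readme.bmp", "readme.txt"}
# Well-known leading signatures for a few common document formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def header_mismatch(path):
    """True when a non-empty file's extension is known but its signature is absent."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return False                      # unknown type: header tells us nothing
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(sig))
    except OSError:
        return False                      # unreadable: leave for manual review
    return bool(head) and head != sig

def triage(root):
    """Map each folder holding all three notes to its files that fail the header check."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        # Assumption: notes are dropped beside encrypted files. Requiring all
        # three avoids matching the many benign folders with a lone README.txt.
        if not NOTES <= {f.lower() for f in files}:
            continue
        report[folder] = sorted(f for f in files if f.lower() not in NOTES
                                and header_mismatch(os.path.join(folder, f)))
    return report

def demo():
    """Run triage over a constructed tree: one affected folder, one clean folder."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample data, not real ransomware output
            "hit/README.html": b"<html>", "hit/README.bmp": b"BM", "hit/README.txt": b"note",
            "hit/report.pdf": b"\x8f\x11\xc3\x5a\x90\x02", "hit/logo.png": b"\x89PNG\r\n\x1a\n....",
            "clean/README.txt": b"project docs", "clean/scan.pdf": b"\x00\x01\x02\x03",
        }
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return {os.path.basename(k): v for k, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

A header check only covers file types with a fixed signature; plain-text and unknown formats need a comparison against backups or known-good hashes.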

CryptXXX Ransom Note

There have also been some changes to the TOR payment site used by CryptXXX. In the past, CryptXXX gave its payment site different names, such as Google Decryptor and Ultra Decryptor. Now, the devs have changed the TOR site so that it is named Microsoft Decryptor. This version also does not include a method of contacting the ransomware devs if a victim has payment problems.

CryptXXX's Microsoft Decryptor TOR Site

If anything new is discovered, I will be sure to post it here.  For now, if anyone wishes to discuss this ransomware or receive support, you can use the CryptXXX Support & Help Topic.