New Cryptomix variant and extension [.WORK]

Ransomware generally relies on the same conventional distribution method: spam email. Spreading by email remains effective because many people are still easily deceived by email tricks, which is why cybercriminals keep repeating the same method.

Changes in Ransomware WORK Cryptomix:
While the encryption method remains the same in this variant, there are some minor differences. Ransom notes are still named _HELP_INSTRUCTION.TXT, but now use the firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org email addresses for victims to contact if they need payment information.

The next visible change is the extension added to encrypted files. With this version, when a file is encrypted by the ransomware, it is renamed and the .WORK extension is added to the encrypted file name. For example, a test file encrypted by this variant has the file name 0D0A516824060636C21EC8BC280FEA12.WORK.

Protecting Yourself:
To protect yourself from ransomware, it is important to always practice good computing habits and use security software. First and foremost, users must always have a reliable and tested data backup that can be restored in an emergency, such as a ransomware attack.
- Users should also have security software that incorporates behavioral detection to fight ransomware, not just signature or heuristic detection. For example, ESET's complete technology can detect malware by its behavior and prevent ransomware infections from encrypting the computer.
- Back up data regularly and keep backup copies in different places. Then encrypt your backups so there is no need to worry if the backup device falls into the wrong hands.
- Do not open an attachment if you do not know who sent it. Do not open the attachment until you confirm that the person actually sent it to you.
- Scan attachments with ESET Mail Security.
- Regularly patch and upgrade the operating system and applications. The faster patches and fixes are applied, the fewer open holes can be exploited by cybercriminals.
- Update antivirus software online and on a schedule, and make sure you get the latest updates from the antivirus manufacturer to handle circulating malware.
- Also make sure to update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors, so it is important to keep them updated.
- For companies, use a business edition antivirus with a centralized management and update system to simplify management and handling. Make sure the management and update system can be installed on a Linux server operating system to reduce the possibility of infection.
- Make sure the security software you have installed uses behavioral detection technology.
- Use strong passwords and never reuse the same password on multiple sites.
- Perform in-depth scans of computers via the antivirus management system.
- Ensure that all configuration convergences are optimally set.
- Make sure that no foreign computer without authorized antivirus is on the network.
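
The two file-system indicators described above, the _HELP_INSTRUCTION.TXT ransom note and files renamed with the .WORK extension, can be swept for on a file share or a restored backup. The following is an added example, not code from the original article or from any vendor; the 32-hexadecimal-character name pattern is an assumption generalised from the single example file name given above, and the sample folder tree is constructed for the demonstration.

```python
import os
import re
import tempfile

# Indicators taken from the article: ransom note name and renamed-file pattern
RANSOM_NOTE = "_HELP_INSTRUCTION.TXT"
# Assumption: 32 hex characters + .WORK, modelled on 0D0A516824060636C21EC8BC280FEA12.WORK
ENCRYPTED_NAME = re.compile(r"^[0-9A-F]{32}\.WORK$", re.IGNORECASE)


def scan_tree(root):
    """Walk root and return {directory: {"note": bool, "encrypted": [names]}}
    for every directory that holds at least one indicator."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        note = any(name.upper() == RANSOM_NOTE for name in filenames)
        encrypted = sorted(n for n in filenames if ENCRYPTED_NAME.match(n))
        if note or encrypted:
            findings[dirpath] = {"note": note, "encrypted": encrypted}
    return findings


def build_sample_tree(root):
    """Constructed sample data: one clean folder, one folder with indicators."""
    clean = os.path.join(root, "clean")
    hit = os.path.join(root, "docs")
    os.makedirs(clean)
    os.makedirs(hit)
    for path in (
        os.path.join(clean, "report.work"),  # benign: name is not 32 hex chars
        os.path.join(clean, "notes.txt"),
        os.path.join(hit, RANSOM_NOTE),
        os.path.join(hit, "0D0A516824060636C21EC8BC280FEA12.WORK"),
        os.path.join(hit, "budget.xlsx"),    # a file that was not renamed
    ):
        open(path, "w").close()
    return hit


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in scan_tree(tmp).items():
            print(directory, "note" if info["note"] else "-", info["encrypted"])
```

A directory that contains the note but no renamed files, or renamed files but no note, is still reported, so partially affected folders are not missed.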