A new variant of the Critroni, or CTB Locker, ransomware is being distributed that now offers the ability to decrypt 5 files as proof that paying the ransom will get you your files back. This variant also changed the extension of encrypted files from .CTBL to .CTB2. Unfortunately, there is still no known method of decrypting your files without paying the ransom.
As reported by Kafeine, this malware is offered as a paid subscription service on the black market. This allows different individuals or organizations to purchase, customize, and distribute the malware. At this point, it is unknown whether this new variant is from the same group or if it is a new purchaser.
Our guide on this infection has been updated to contain information about this new variant:
CTB Locker and Critroni Ransomware Information Guide and FAQ
Edited by Grinler, 28 August 2014 - 04:28 PM.
Updated to include reference to Kafeine's article on how the malware kit is sold.