A new variant of the Detox Ransomware kit, dubbed "Crypt0" based on the extension it uses and project name, was discovered by MalwareHunterTeam.
This ransomware encrypts files using AES, and adds "_crypt0" before the extension of the file; for example, "picture.jpg" would become "picture_crypt0.jpg". It also leaves the ransom note "HELP_DECRYPT.TXT" in every folder, asking the victim to contact the criminals at the email address firstname.lastname@example.org. Due to a bug in the ransomware, ransom notes may also appear with the same filename several times, such as "HELP_DECRYPT.TXTHELP_DECRYPT.TXT", shown below.
Good news is this one is decryptable, and I have released a decrypter for it. Simply select the affected directory, and click "Decrypt".
Please note, the password for the zip file is "false-positive". This is a temporary response to false positives being triggered by Google SafeBrowsing and antivirus.
Edited by Demonslay335, 17 January 2017 - 06:49 PM.
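The naming pattern described in the post can be used to scope an affected directory before running a decrypter. The following is an added example, not part of the original post and not the decrypter's code: a read-only Python walk that maps "_crypt0" files back to their original names and counts ransom notes, including the repeated-name variant. The function names, the report layout and the sample tree are assumptions made for illustration, as is matching the marker before the last extension only.

```python
import os
import re
import tempfile
from pathlib import Path

MARKER = "_crypt0"            # inserted before the extension, per the post
NOTE = "HELP_DECRYPT.TXT"     # ransom note name, per the post
# The note name may be repeated back to back because of the ransomware's bug.
NOTE_RE = re.compile(r"(?:%s)+" % re.escape(NOTE), re.IGNORECASE)

def original_name(name):
    """Return the pre-encryption file name, or None if `name` is not marked."""
    p = Path(name)
    # Assumption: the marker sits before the last extension only.
    if p.stem.lower().endswith(MARKER) and len(p.stem) > len(MARKER):
        return p.stem[:-len(MARKER)] + p.suffix
    return None

def note_repeats(name):
    """How many times the note name is repeated in `name` (0 = not a note)."""
    return len(name) // len(NOTE) if NOTE_RE.fullmatch(name) else 0

def triage(root):
    """Walk `root` read-only; report marked files, notes and name collisions."""
    report = {"encrypted": {}, "notes": {}, "collisions": []}
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for f in files:
            rel = os.path.relpath(os.path.join(dirpath, f), root)
            orig = original_name(f)
            if orig:
                report["encrypted"][rel] = orig
                # A file already carrying the original name is flagged for review.
                if orig.lower() in present:
                    report["collisions"].append(rel)
            elif note_repeats(f):
                report["notes"][rel] = note_repeats(f)
    return report

def build_sample(root):
    """Constructed sample tree, not taken from a real infection."""
    names = ["picture_crypt0.jpg", "notes.txt", NOTE, NOTE + NOTE,
             "docs/report.v2_crypt0.docx", "docs/report.v2.docx", "docs/" + NOTE]
    for n in names:
        path = Path(root, n)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```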