A new version of the CryptXXX/UltraCrypter ransomware was released today that switched from using the .crypz extension to a random one consisting of 5 hexadecimal characters. For example, one computer's encrypted files may use the extension .AC0D4, while another victim's files would use the .DA3D1 extension.

CryptXXX Ransom Note
CryptXXX Ransom Note

The ransom note names are currently set to @[victim_id].txt, .html, and .bmp. So a user with a victim ID of 14AC2EF20B23, would have ransom notes named 14AC2EF20B23.html, 14AC2EF20B23.bmp, and 14AC2EF20B23.txt.

For those who need help with this ransomware, you can use this very active support topic: CryptXXX Support & Help Topic.

Related Articles:

The Week in Ransomware - December 14th 2018 - Slow Week

Company Pretends to Decrypt Ransomware But Just Pays Ransom

The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More

Ransomware Infects 100K PCs in China, Demands WeChat Payment

Chinese Police Arrest Dev Behind UNNAMED1989 WeChat Ransomware