A new version of the CryptXXX/UltraCrypter ransomware was released today that switched from using the .crypz extension to a random one consisting of 5 hexadecimal characters. For example, one computer's encrypted files may use the extension .AC0D4, while another victim's files would use the .DA3D1 extension.

CryptXXX Ransom Note
CryptXXX Ransom Note

The ransom note names are currently set to @[victim_id].txt, .html, and .bmp. So a user with a victim ID of 14AC2EF20B23, would have ransom notes named 14AC2EF20B23.html, 14AC2EF20B23.bmp, and 14AC2EF20B23.txt.

For those who need help with this ransomware, you can use this very active support topic: CryptXXX Support & Help Topic.

Related Articles:

REvil ransomware devs added a backdoor to cheat affiliates

FBI, CISA, and NSA warn of escalating Conti ransomware attacks

Second farming cooperative shut down by ransomware this week

Modern cyber protection: The digital must-have for home users

Going beyond backup: Acronis True Image is now Acronis Cyber Protect Home Office