A new version of the CryptXXX/UltraCrypter ransomware was released today that switched from using the .crypz extension to a random one consisting of 5 hexadecimal characters. For example, one computer's encrypted files may use the extension .AC0D4, while another victim's files would use the .DA3D1 extension.

CryptXXX Ransom Note
CryptXXX Ransom Note

The ransom note names are currently set to @[victim_id].txt, .html, and .bmp. So a user with a victim ID of 14AC2EF20B23, would have ransom notes named 14AC2EF20B23.html, 14AC2EF20B23.bmp, and 14AC2EF20B23.txt.

For those who need help with this ransomware, you can use this very active support topic: CryptXXX Support & Help Topic.

Related Articles:

Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption

The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More

GandCrab Devs Release Decryption Keys for Syrian Victims

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More