A new update to the CryptXXX Ransomware has made significant design changes to both the ransom notes and the TOR payment site. Previously, CryptXXX, like many other ransomware infections, copied the layout and design of CryptoWall. With this recent update, they have now created their own template and changed the name of their decryptor to UltraDeCrypter. Could this indicate a formal name for the ransomware as UltraCrypter?
Along with the new payment site shown above is also a new HTML ransom note design and wallpaper.
The wallpaper is now:
If any significant changes are discovered in the ransomware, we will be sure to update this post. For those who wish to discuss this ransomware or need support, you can use this forum topic: CryptXXX / UltraDeCrypter Ransomware Support and Help Topic (.crypt .cryp1 ext).
The latest version is also able to encrypt data found on unmapped network shares.