A new variant of the TeslaCrypt ransomware was released a bit over a week ago that still refers to itself as version 2.2.0, but contains some minor changes compared to the previous release.  The most noticeable change are the differences in the ransom notes.  The ransom notes now include instructions to use translate.google.com if English is not the victim's native language. Some of the wording has also been changed, but the general gist is the same. The text version of the new ransom note can be seen below.

The other change is the use of 0s (Zeros) for the first four bytes of the encrypted files. In the past the the first four bytes of the VVV encrypted files contained the DEADBEEF hexadecimal numbers. Now the first four bytes of the encrypted files have been changed to 00000000.  You can see the first four bytes zeroed out in the image below.

If anything else is discovered, we will be sure to let you know as soon as possible.

Related Articles:

The Week in Ransomware - June 22nd 2018 - Scarab Everywhere!

New SamSam Variant Requires Special Password Before Infection

DBGer Ransomware Uses EternalBlue and Mimikatz to Spread Across Networks

The Week in Ransomware - June 15th 2018 - DBGer, Scarab, and More

New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware