Backup Ransomware: New Variant of CryptoMix Constantly Infecting Windows PCs

Malware researchers at a reputed online security firm have discovered a new variant of CryptoMix ransomware, known as Backup Ransomware, which targets Windows machines and encodes specific file types saved on the system. Once inside a system, Backup Ransomware alters the name of each encoded file by adding a new file extension, ‘.BACKUP’. In this file-encrypting virus, the cyber extortionists have changed the email address provided for contact purposes and slightly modified the ransom note displayed after a successful file encryption process.

This article details the changes made in Backup Ransomware to infect as many system users as possible and provides tips that will help you protect yourself from such an attack. Technically speaking, the encryption procedure used in CryptoMix ransomware remains the same in the updated variant, Backup Ransomware, apart from some slight differences that do not matter much. The text of the ransom note displayed by Backup Ransomware has changed, and the hackers behind this malware now use 6 different email addresses, listed in the ransom notification, through which victims are instructed to contact them for ransom payment instructions.

List of Email Addresses Used by Hackers in Backup Ransomware

  • backuppc@protonmail.com

  • backuppc@tuta.io

  • b4ckuppc2@yandex.com

  • backuppc1@protonmail.com

  • backuppc1@dr.com

  • b4ckuppc1@yandex.com

The next change made by the cyber extortionists in Backup Ransomware is the file extension appended to the name of every enciphered file. This new variant of CryptoMix ransomware alters each file name by adding the ‘.BACKUP’ extension and makes the files inaccessible to victimized users until they pay the demanded ransom. In addition, the threat actors threaten affected users by stating that if they use third-party software for data recovery, the files will be destroyed forever. However, you should never believe what these cyber criminals claim. Most importantly, avoid contacting the hackers responsible for the Backup Ransomware attack through the above-mentioned email addresses.

What’s more, do not follow the instructions in the displayed ransom note. The ransom message appears in a file reported as ‘_HELP_INSTRUCTION.TXT’, which usually gets dropped on the compromised system’s desktop. Unfortunately, at the time of writing this security article, malware researchers have not released a free decryptor that can help you decrypt the files. In this kind of situation, you need to delete Backup Ransomware using a credible anti-malware tool and try a reliable data recovery tool that might help you recover some of your crucial system files, or wait for security analysts to release a free decryptor after breaking the code of Backup Ransomware.
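The indicators named in this article (the ‘.BACKUP’ extension, the ‘_HELP_INSTRUCTION.TXT’ note and the six contact addresses) can be checked for on a suspect machine or file share. The Python sketch below is an added example, not code from the researchers or from any vendor tool; the function names, the verdict labels and the sample tree it builds are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the article; matched case-insensitively.
ENCRYPTED_EXT = ".backup"
NOTE_NAME = "_help_instruction.txt"
CONTACT_EMAILS = (
    "backuppc@protonmail.com", "backuppc@tuta.io", "b4ckuppc2@yandex.com",
    "backuppc1@protonmail.com", "backuppc1@dr.com", "b4ckuppc1@yandex.com",
)

def scan_tree(root):
    """Walk root and collect files matching the article's indicators."""
    hits = {"encrypted": [], "notes": [], "emails": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower == NOTE_NAME:
                hits["notes"].append(path)
                try:
                    with open(path, "r", errors="ignore") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    continue  # unreadable note: the filename hit still counts
                hits["emails"].update(e for e in CONTACT_EMAILS if e in text)
    return hits

def verdict(hits):
    """Note plus renamed files is a strong signal. The extension alone only
    warrants review, since other software may also write *.backup files."""
    if hits["notes"] and hits["encrypted"]:
        return "likely-infected"
    return "review" if hits["notes"] or hits["encrypted"] else "clean"

def build_sample_tree(root):
    """Constructed sample data for the demo, not real ransomware output."""
    os.makedirs(os.path.join(root, "Desktop"))
    for name in ("0A1B2C3D.BACKUP", "notes.txt"):
        open(os.path.join(root, "Desktop", name), "w").close()
    with open(os.path.join(root, "Desktop", "_HELP_INSTRUCTION.TXT"), "w") as fh:
        fh.write("constructed note text: write to backuppc1@dr.com\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(verdict(result), sorted(result["emails"]), len(result["encrypted"]))
```

To check a real system, call `scan_tree` on a user profile or share path instead of the constructed tree.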