A new variant of Bitcoin ransomware appears, which modifies the file extension and makes the system unable to decrypt it

Golden Finance News - It seems that many existing Bitcoin ransomware are undergoing some "upgrades". CryptoMix's variant software CryptFile2 has some noteworthy changes.

All encrypted files of the Bitcoin ransomware CryptFile2 will now be changed to a new file extension, which will make the ransomware more difficult to crack and the number of victims will increase. After all, they cannot easily identify which type of Bitcoin ransomware has infected their system.

If victims already don’t have to worry about Bitcoin ransomware attacks, the hackers of CryptFile2 decided to warn them of the danger that is just around the corner.

Most types of Bitcoin ransomware infections can be easily identified by looking at the extensions of the encrypted files. However, the updated CryptoMix variant now removes the extensions of proprietary files and renames the files to the “.wallet” extension. This surprising development could have serious consequences.

As a result of this change, victims of Bitcoin ransomware can no longer identify the damage done to their systems by tampering with files. In a way, this should improve the criminals' chances of getting paid.

However, it remains to be seen whether the “.wallet” extension will increase demand for more people to pay the Bitcoin ransom. Consumers knowing how to pay the Bitcoin ransom is never the right answer.

There is one more thing that could make the problem worse. There are several types of Bitcoin ransomware that use the .wallet extension, and CryptFile2 is just one of many variants. Dharma, Sanctions, and some other types of malware also use this extension.

Moreover, people cannot communicate with the criminals through email addresses as Bitcoin ransomware does not give any type of hint.

Unfortunately, current decoding programs are still unable to decrypt malicious files with the .wallet extension. Regardless of which Bitcoin ransomware caused the virus infection, security engineers are currently unable to provide any free cracking and anti-virus tools for ransomware with this extension. However, a free tool may be provided in the future, and for now, the only feasible way is to restore data from backups.

As people feared, CryptFile2 spreads itself in many different ways these days. Unfortunately, there is no clear pattern for virus removal.

This makes it difficult for researchers to alert the public to this new threat. Spam emails, malicious downloads, and malicious links are the most likely ways Bitcoin ransomware is spread.