A new variant of the Cryptomix Ransomware has been spotted being spread in the wild. This new version appends the.DLL extension to encrypted files and is said to be installed through hacked remote desktop services. The ransom note continues to be named _HELP_INSTRUCTIONS_.TXT, but now uses the [email protected], [email protected] and [email protected].
Source: https://www.bleepingcomputer.com/news/security/dll-cryptomix-ransomware-variant-installed-via-remote-desktop/