New Arena CryptoMix Ransomware

A new variant of the CryptoMix ransomware appends the .arena extension to encrypted file names. When the ransomware encrypts a file, it modifies the file name and then appends the .arena extension. For example, a test file encrypted by this variant has the encrypted file name EA1221EC8B516824060636CC280F0D0A.arena. This variant also contains 11 public RSA-1024 encryption keys that are used to encrypt the AES key used to encrypt a victim's files.

Filenames associated with the ARENA CryptoMix Variant:
_HELP_INSTRUCTION.TXT
C:\ProgramData\[random].exe

Registry entries associated with the ARENA CryptoMix Variant:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"="C:\ProgramData\[Random].exe"
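The file-name and Run-key indicators listed above can be turned into a quick triage check over a file listing and an export of the HKCU Run values. The following Python is an added example, not code from the original article; the function names, the 32-hex-character name pattern (generalised from the one example file name) and the sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the write-up; the 32-hex name pattern is assumed from its one example.
ENCRYPTED_NAME = re.compile(r"^[0-9A-F]{32}\.arena$", re.IGNORECASE)
RANSOM_NOTE = "_help_instruction.txt"
DROP_DIR = PureWindowsPath(r"C:\ProgramData")
# Executable path at the start of a Run-key command line, quoted or not.
EXE_IN_COMMAND = re.compile(r'\s*"?([^"]+?\.exe)(?=["\s]|$)', re.IGNORECASE)

def classify_file(path):
    """Return an indicator label for one file path, or None."""
    name = PureWindowsPath(path).name.lower()
    if ENCRYPTED_NAME.match(name):
        return "encrypted-file"
    if name == RANSOM_NOTE:
        return "ransom-note"
    if name.endswith(".arena"):
        return "arena-extension"  # weaker hit: extension only
    return None

def suspicious_run_values(run_values):
    """Flag Run values whose .exe sits directly in C:\\ProgramData."""
    hits = []
    for value_name, command in run_values.items():
        m = EXE_IN_COMMAND.match(command)
        if m and PureWindowsPath(m.group(1)).parent == DROP_DIR:
            hits.append((value_name, m.group(1)))
    return hits

def triage(file_paths, run_values):
    """Group matching paths by indicator and add flagged Run values."""
    report = {"run-key": suspicious_run_values(run_values)}
    for path in file_paths:
        label = classify_file(path)
        if label:
            report.setdefault(label, []).append(path)
    return report

# Constructed sample input; only the first file name is from the article.
SAMPLE_FILES = [
    r"C:\Users\a\Docs\EA1221EC8B516824060636CC280F0D0A.arena",
    r"C:\Users\a\Docs\_HELP_INSTRUCTION.TXT",
    r"C:\Games\maps\desert.arena",
]
SAMPLE_RUN = {
    "a1b2c3": r"C:\ProgramData\a1b2c3.exe",
    "Vendor": r'"C:\ProgramData\Vendor\agent.exe" /background',
}
```

The Run-key check is a heuristic: an executable placed directly in C:\ProgramData is unusual but not proof of infection, so treat a hit as a lead to investigate alongside the file indicators.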

Emails Associated with the ARENA Ransomware:
ms.heisenberg@aol.com

ARENA Ransom Note Text:
“All your files have been encrypted!
-------------------
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
-------------------

We recommend following these security habits:

  • Back up your files regularly, either yourself or with a good antivirus product that does this for you, such as Max Total Security.
  • Do not open attachments if you do not know who sent them.
  • Turn on the email protection provided by your antivirus, such as Max Total Security.
  • Make sure all Windows updates are installed as soon as they come out, and follow the Max Total Security vulnerability scanner.
  • Also make sure you update all programs, especially Java, Flash, and Adobe Reader.
  • Use strong passwords and never reuse the same password at multiple sites.
  • Use a good antivirus that protects your files from being encrypted in the first place; the Max Total Security Max Crypto Monitor Tool does this for you.
