A new variant of the TeslaCrypt ransomware was released a bit over a week ago that still refers to itself as version 2.2.0, but contains some minor changes compared to the previous release.  The most noticeable change are the differences in the ransom notes.  The ransom notes now include instructions to use translate.google.com if English is not the victim's native language. Some of the wording has also been changed, but the general gist is the same. The text version of the new ransom note can be seen below.
 


The other change is the use of 0s (Zeros) for the first four bytes of the encrypted files. In the past the the first four bytes of the VVV encrypted files contained the DEADBEEF hexadecimal numbers. Now the first four bytes of the encrypted files have been changed to 00000000.  You can see the first four bytes zeroed out in the image below.
 


If anything else is discovered, we will be sure to let you know as soon as possible.

Related Articles:

Patelco shuts down banking systems following ransomware attack

Affirm says cardholders impacted by Evolve Bank data breach

Prudential Financial now says 2.5 million impacted by data breach

CDK Global says all dealers will be back online by Thursday

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack