diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index f79be3c..ac17a71 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -5018,16 +5018,26 @@
 ".id_*_email_zeta@dr.com",
 ".id_(ID_MACHINE)_email_anx@dr.com_.scl",
 ".email[supl0@post.com]id[\\[[a-z0-9]{16}\\]].lesli",
- "*filename*.email[*email*]_id[*id*].rdmk"
+ "*filename*.email[*email*]_id[*id*].rdmk",
+ ".EMPTY",
+ ".0000"
 ],
 "ransomnotes": [
 "HELP_YOUR_FILES.html (CryptXXX)",
 "HELP_YOUR_FILES.txt (CryptoWall 3.0, 4.0)",
- "INSTRUCTION RESTORE FILE.TXT"
+ "INSTRUCTION RESTORE FILE.TXT",
+ "# HELP_DECRYPT_YOUR_FILES #.TXT",
+ "_HELP_INSTRUCTION.TXT",
+ "C:\\ProgramData\\[random].exe",
+ "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nempty01@techmail.info\n\nempty02@yahooweb.co\n\nempty003@protonmail.com\n\nWe will help You as soon as possible!\n\nDECRYPT-ID-[id] number",
+ "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ny0000@tuta.io\n\ny0000@protonmail.com\n\ny0000z@yandex.com\n\ny0000s@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id]"
 ],
 "refs": [
 "http://www.nyxbone.com/malware/CryptoMix.html",
- "https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/"
+ "https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/",
+ "https://twitter.com/JakubKroustek/status/804009831518572544",
+ "https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/",
+ "https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/"
 ]
 }
 },
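Review bot: The merge of the deleted Zeta entry into this cluster (the `-` lines in the following hunk at -8326) carries over only its ransom note and Twitter ref; Zeta's `.code` and `.rmd` extensions are not added to the `extensions` array here, so detections keyed on those suffixes lose their CryptoMix attribution. Add `".code",` and `".rmd",` alongside `".0000"` unless they already exist above the hunk, and confirm `Zeta` appears under `synonyms` (that array is outside this hunk, so it cannot be checked here). `C:\\ProgramData\\[random].exe` is a dropped-binary path rather than a note filename and does not belong in `ransomnotes`, where a consumer matching note names on disk would treat it as one. The misspelling `informartion` in both note bodies is verbatim attacker text and should be left unchanged so the indicator still matches the real note.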
@@ -8326,26 +8336,6 @@
 ]
 }
 },
- {
- "value": "Zeta",
- "description": "Ransomware",
- "meta": {
- "synonyms": [
- "CryptoMix"
- ],
- "extensions": [
- ".code",
- ".scl",
- ".rmd"
- ],
- "ransomnotes": [
- "# HELP_DECRYPT_YOUR_FILES #.TXT"
- ],
- "refs": [
- "https://twitter.com/JakubKroustek/status/804009831518572544"
- ]
- }
- },
 {
 "value": "Zimbra",
 "description": "Ransomware mpritsken@priest.com",