Avast, the popular antivirus provider, today announced the rollout of their latest free ransomware decryptor tool for the ransomware strain, CryptoMix. CryptoMix is a rather infamous ransomware with multiple aliases, including CryptFile2, Zeta, or the most recent alias CryptoShield.
Decryption tool for CryptoMix ransomware
First spotted in March 2016, CryptoMix is a rather recently-discovered ransomware strain. In early 2017, its developers renamed CryptoMix to CryptoShield. The spread of this ransomware could be described as a medium level of prevalence and has been steady since its discovery. Exploit Kits are its main weapon while attacking target accounts on the Internet.
After intruding the target machine, CryptoMix tries to communicate with the Command and Control server in order to establish a key to encrypt files (the AES-256 algorithm is used). But it doesn’t back down even if the system is down or not connected to the Internet. The ransomware strain then infects it with what it calls one of its fixed keys or offline keys.
What Avast claims is that their decryption tool for CryptoMix can decrypt files that were encrypted using the “offline key”. In cases where the offline key was not used to encrypt files, this new tool will possibly be unable to restore the files and will not modify any files.
CryptoMix can be easily recognized by the uncommon file extensions that it adds to your system during the infection process. These new file extensions added to the original file names include .CRYPTOSHIELD, .scl, .rscl, .lesli, .rdmk, .code, or .rmd. Furthermore, the ransom notes are located in files with the names HELP_DECRYPT_YOUR_FILES.HTML, # RESTORING FILES #.TXT, etc.
But the biggest problem yet with CryptoMix is a number of flaws in this ransomware. The bugs are so severe that sometimes the attackers might leave the victim with encrypted files even after absorbing the entire ransom amount. Some cases on the Internet reveal that victims have paid close to 5-10 bitcoins but did not receive the promised decrypted files in return. This is where the new Avast tool jumps in. Although it cannot provide much protection in avoiding ransomware for you, but if you are left with encrypted files, it can surely help resolve it.