Part of the ransomware trojan family, CryptoMix was first noticed in March 2016 and, since then, new variants were released, one of the most widely spread being CryptoShield. CryptoMix encrypts your files using the AES256 algorithm, downloading the encryption key from a server if the computer is connected to the Internet, which is usually the case. However, in the absence of an online connection, an offline key is used. That is where
Avast Decryption Tool for CryptoMix
, as it can reproduce this offline encryption key and thus help you unlock your files.
Files that are encrypted by CryptoMix or its variants have one of the following extensions: .CRYPTOSHIELD, .rdmk, .rscl, .rmd, .lesli, .code or .scl.
A ransom note is placed on the desktop, either in HTML or text format, encouraging the victim to contact the attacker via email to get instructions on how to proceed with the payment. However, there is no guarantee the files will be decrypted.
The Avast Decryption Tool for CryptoMix is designed like a wizard, providing a step-by-step guide to decrypting all the files. First, you have to select the locations where the encrypted files are stored by choosing between local and network drives, or individual directories.
To crack the encryption key, Avast Decryption Tool for CryptoMix requires you to load an encrypted file and its counterpart. To get a matching pair of files, you can try using the default files in the “Pictures” folder. Unencrypted versions of files can be easily found in a backup file or the “Pictures” folder of another workstation.
Avast Decryption Tool for CryptoMix tries to decrypt your files based on a key generated by analyzing the infected documents with respect to a non-infected file. As mentioned above, it only works if the offline key was used to encrypt files. Therefore, it cannot guarantee that all the locked files are decypted. Even so, it is worth a try.