The battle against ransomware continues. This week Avast released a new decryption tool for the CryptoMix ransomware, which also goes by the names Zeta, CryptFile2, and CryptoShield. The tool works for files encrypted by CryptoMix while in offline mode.
Avast doesn’t guarantee that the decryptor will work on all files; as with all such tools, there is always a chance of losing the files permanently. However, this is victims’ only chance of avoiding paying a hefty amount of money.
CryptoMix first appeared on the ransomware stage in March 2016 and, a couple of months ago, its developers renamed it to CryptoShield.
Avast’s decryptor is designed to work on files that were encrypted in offline mode – when the ransomware runs and locks the victim’s data while the machine is not connected to the Internet and the ransomware cannot contact its command-and-control server.
For the moment, victims who had their data encrypted by CryptoMix can use Avast’s tool to recover “.CRYPTOSHIELD”, “.scl”, “.rscl”, “.lesli”, “.code”, “.rmdk”, and “.rmd” files.
All experts strongly advise against payment:
“CryptoMix is a nasty ransomware strain that has been spreading for a while. Its code quality is pretty low compared to its competitors and it even contains flaws that may cause your files to become undecryptable. You can easily find online complaints left by victims that paid the ridiculous amounts of extortion (5-10 bitcoins ~ $5,000-$10,000) and that were left without decrypted files. This might be the reason why its authors are changing the name so often – would you even consider paying someone with such a negative reputation?” – Avast warns.
Paying the ransom demanded is not the right option, and it doesn’t guarantee you anything. Moreover, most victims could not afford to pay so much money even if they wanted to, and that’s why such tools are being developed.
When it comes to infections, it is always better and easier to prevent them from entering in the first place than to deal with them later. So pay more attention while online and be extra careful about what you download.