It's not guaranteed to work on all files, but it's your chance to avoid paying the hefty ransom demanded by the attackers.

Feb 22, 2017 11:50 GMT

Avast continues its battle against ransomware by releasing a new decryption tool for CryptoMix, also known under other aliases, including CryptFile2, Zeta or CryptoShield. The decryption tool works for files that were encrypted while in offline mode. 

CryptoMix is a ransomware strain that was first observed in the wild back in March of last year. A few months ago it was renamed by its authors to CryptoShield, but the essence is the same.

As mentioned, Avast's tool works for victims whose files were encrypted while in offline mode. That is the case when the ransomware runs and encrypts a victim's computer with no Internet connection available, which makes it impossible for the malware to reach its Command & Control server.

The keys provided by Avast can be used to try to decrypt the files, but, as with most such tools, success is not guaranteed, and there is even a risk of losing the files.

At this point, the decryptor can be used to free .CRYPTOSHIELD, .scl, .rscl, .lesli, .code, .rmdk, and .rmd files.

Don't pay up

"CryptoMix is a nasty ransomware strain that has been spreading for a while. Its code quality is pretty low compared to its competitors and it even contains flaws that may cause your files to become undecryptable. You can easily find online complaints left by victims that paid the ridiculous amounts of extortion (5-10 bitcoins ~ $5,000-$10,000) and that were left without decrypted files. This might be the reason why its authors are changing the name so often - would you even consider paying someone with such a negative reputation?" Avast warns.

Paying the ransom is never the answer and that's why such tools are being released. Given how much money these folks are asking for, it's also probably not an option for most of those infected.

Prevention is always best in such cases, so you might want to pay extra attention to everything you download off the Internet.