CryptoMix (Offline)

CryptoMix (also known as CryptFile2 or Zeta) is a ransomware strain that was first spotted in March 2016. In early 2017, a new variant of CryptoMix, called CryptoShield emerged. Both variants encrypt files by using AES256 encryption with a unique encryption key downloaded from a remote server. However, if the server is not available or if the user is not connected to the internet, the ransomware will encrypt files with a fixed key ("offline key").



Important: The provided decryption tool only supports files encrypted using an "offline key". In cases where the offline key was not used to encrypt files, our tool will be unable to restore the files and no file modification will be done.

Update 2017-07-21: The decryptor was updated to also work with Mole variant.

Filename changes: Encrypted files will have one of the following extensions: .CRYPTOSHIELD, .rdmk, .lesli, .scl, .code, .rmd, .rscl or .MOLE. Ransom message: The following files may be found on the PC after encrypting files:

If CryptoMix has encrypted your files, click here to download our free fix:

Download CryptoMix Fix