Infected with CryptoMix Ransomware? Need to decrypt your files?
What is CryptoMix Ransomware
CryptoMix Ransomware is famous family of ransom-demanding encryption viruses. It also known as Mole66 ransomware, Empty ransomware, Mole Ransomware, Lesli Ransomware, ZERO Ransomware. Recently it came up with updated version that modifies your files with random set of 32 letters and digits and .xzzx file extension. List of possible file extensions are:
So it makes your files look like this: 1V3DJHJ6M78BL3535RTY987XZFDGP876.XZZX. All versions uses complex double encryption with RSA-1024 ans AES algorithms. After encryption finishes CryptoMix Ransomware creates _HELP_INSTRUCTION.TXT file that contains contact e-mails and ransom-demanding message. Malefactors use following e-mails: email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org. Here are the contents of this file:
Attention! All Your data was encrypted!
For specific information, please send us an email with Your ID number:
Please send email to all email addresses! We will help You as soon as possible!
Another version of ransom notes:
NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/rsa_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSAj-2048 key, both public and private.
!!! ALL YOUR files were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with tne help of the private key and decrypt program, which is on our Secret Server
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining bitcoin now! , and restore your data easy way.
If you have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions:
Contact us by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 12 hours.
For you to be sure, that we can decrypt your files – you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.
Virus also runs commands to stop main Windows security services (such as Windows Defender), disables recovery options and removes shadow copies. Current amount of ransom payment is unknown, but usually it varies between $300 and $1000, and have to be paid in BitCoins. Please, follow the guide below to remove CryptoMix Ransomware and restore .xzzx files in Windows 10, Windows 8, Windows 7.
How CryptoMix Ransomware infected your PC
CryptoMix Ransomware can infect your PC through unprotected RDP configuration, infected attachments to spam e-mails, exploits, web-injections, fake software updates. You can also get this ransomware on file sharing networks, including torrent files. Ransom is asked to be paid in BitCoins, that also makes the task difficult for the police, as user in this network are often anonymous. Encryption starts in the background. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.
First of all don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer, before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the CryptoMix Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
SpyHunter 4 – fully removes all instances of CryptoMix Ransomware – files, folders, registry keys.
Step 2: Remove following files and folders of CryptoMix Ransomware:
Remove following registry entries:
Remove following files:
How to decrypt files infected by CryptoMix Ransomware (.xzzx files)?
Use automated decryption tools
There is ransomware decryptor from Kaspersky that can decrypt .xzzx files. It is free and may help you restore .xzzx files encrypted by CryptoMix Ransomware virus. Download it here:
Alternative tool for CryptoMix decryption
Alternative tool for Mole decryption
You can also try to use manual methods to restore and decrypt .xzzx files.
Decrypt .xzzx files manually
Restore the system using System Restore
Although, latest versions of CryptoMix Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – CryptoMix Ransomware by CryptoMix Ransomware). This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Restore .xzzx files using shadow copies
- Download and run Data Recovery Pro.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Choose all files on folder you want to restore and select Restore.
- Choose export location and view restored files.
Protect your files from ransomware
Most modern software can protect your data from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach to protect your files from ransomware and lockers. One of the best is SOS Online Backup. The product will automatically find important files, then simply make a daily backup on the remote server. SOS runs quietly and automatically in the background and supports any size and any file type. All SOS apps (desktop AND mobile) encrypt files using UltraSafe 256-bit AES before transferring them to the cloud. You will not lose your important data. Download One Year Plan.
Information provided by: Alexey Abalmasov