Can I Remove CryptMix Ransomware and .code File Extension? - How to, Technology and PC Security Forum |

Can I Remove CryptMix Ransomware and .code File Extension?

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

ransomware-virusRansomware cases usually follow the same pattern of infection and behavior. However, a recently detected ransomware proves that ransomware authors can be creative, too. The so-called CryptMix ransomware is operated by a group of individuals calling themselves the Charity Team. The group claims that if the ransom is paid, some of it will go to a children’s charity organization.

Threat Summary

NameCryptMix Ransomware
Short DescriptionThe ransomware encrypts files with the RSA-2048 and appends a .code encryption.
SymptomsFiles are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows is displayed.
Distribution MethodSpam emails, drive-by downloads, exploit kits
Detection Tool See If Your System Has Been Affected by CryptMix Ransomware


Malware Removal Tool

User ExperienceJoin our forum to Find A Solution about CryptMix Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Why “CryptMix” Ransomware?

The name derives from the ransomware’s analysis. Columbian researcher Nyxbone has said that the threat is a combination of ransomware families such as CryptoWall 3.0, CryptoWall 4.0 and CryptXXX, hence “CryptMix”.

CryptMix Ransomware Distribution Methods

Researchers report that the ransomware is downloaded to a victim’s machine via drive-by downloads, initiated on corrupted websites. The chain of infection begins with a spam email containing links to bad pages. If the user is lured into clicking on any of the links, he will be redirected to a page that hosts an exploit kit. The EK leverages security flaws in browser plugins.

To summarize, CryptMix uses the following methods to propagate itself:

  • Spam emails;
  • Corrupted links;
  • Corrupted websites;
  • Exploit kits;
  • Browser vulnerabilities.

CryptMix Ransomware Technical Overview

Once CryptMix is installed on a system, the encryption process starts automatically. The ransomware targets and encrypts 862 files types, which is a unique feature.

Files encrypted by CryptMix will have a .code extension appended to them. Once the encryption process ends, the user will see a ransom note, which is quite similar to the ones used by CryptXXX and CryptoWall.

Here is what the ransom note looks like:


As visible from the note, CryptMix’s authors claim that they have used the RSA-2048 algorithm. An ID is also present, convincing the victim to send an email to the given email addresses – xoomx[@] and xoomx[@]

Despite CryptMix authors’ promises to transfer some of the ransom money to a charity, paying the ransom is still not recommended. As of the ransom itself, it is quite a large one – 5 Bitcons, or approximately $2,200 in exchange for a decryption key.

Can I Remove CryptMix and Restore .code Files?

Unfortunately, a free decryption method hasn’t been established yet. If you have become a victim of the ransomware, closely follow the removal manual below. It also contains information about alternative file restoration methods using specific software. And remember that paying the ransom is never a good idea for two reasons:

  • There’s no guarantee you will receive a decryption key as promised;
  • By paying, you support cybercriminal activities and encourage future campaigns.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share