Petya Ransomware Returned With Failsafe MISCHA Ransomware

Ransom Note by Mischa Ransomware

Ransomware is a kind of malicious software that infiltrates targeted computers and prevents users from accessing their own files saved on the system. It is developed by malicious software developers and expert cyber criminals to force victims to pay a sum of money in Bitcoins on TOR payment sites. Petya + Mischa Ransomware belongs to this family. More details about ransomware are available at: https://en.wikipedia.org/wiki/Ransomware#Mischa

Earlier, Petya Ransomware was distributed over the Internet by cyber criminals and damaged numerous computers. Victims suffered from its file encryption and were compelled to pay a ransom to decrypt their valuable files. But Petya Ransomware has a drawback: it can’t change the MBR (Master Boot Record) and encrypt files saved on the attacked computer until it gains administrative privileges. If it is unable to acquire admin privileges, Petya Ransomware can’t encrypt the user’s files, so the developers of Petya solved this issue by bundling Petya with Mischa Ransomware. If you wish to know more about Petya, see http://news.softpedia.com. Like Petya Ransomware, Mischa Ransomware also encrypts files and forces users of the compromised computer to pay a ransom for the decryption key. Currently the ransom has been set at 1.93 Bitcoins, or about $875.

Distributors of the Petya/Mischa Ransomware spread the infection over the Internet via spam e-mail with misleading attachment files. The malicious e-mail poses as a job application. These messages contain a link to a cloud storage service such as MagentaCloud, which hosts an image of the purported applicant and an executable file that impersonates a PDF document, with a name that starts with PDF. The executable is called something like PDFBewerbungsmappe.exe. When the victim downloads the executable, it carries the PDF icon to make it appear to be a PDF summary. This executable asks you to enable Macros on your computer and deceptively installs Petya. If the installation fails or it cannot gain admin privileges, it installs the Mischa Ransomware infection on your computer instead. https://threatpost.com also discusses more associated details.

Once installed, Mischa scans your computer for data files, encrypts them using the AES encryption algorithm, and then appends a four-character extension to the file name. For example, test.jpg can become test.jpg.7GP3, test.jpg.eQTz, test.jpg.3P7m, test.jpg.3RNu or test.jpg.arpT. During encryption, Mischa stores the encrypted decryption key at the end of the encrypted file. When encrypting files, Mischa skips files located in the following folders:

  • \$Recycle.Bin
  • \Windows
  • \Edge
  • \Microsoft
  • \Safari
  • \Mozilla Firefox
  • \Opera
  • \Temp
  • \Internet Explorer
  • \Local
  • \Chromium
  • \LocalLow

A very annoying trait of Mischa Ransomware is that it encrypts not only your personal file types (PDF, JPEG, JPG, PNG, DOCX, XLS, etc.) but also executable files. In each folder where the ransomware encrypts a file, it also creates two ransom notes, “YOUR_FILES_ARE_ENCRYPTED.HTML” and “YOUR_FILES_ARE_ENCRYPTED.TXT”. These notes provide information about the file encryption on your computer, how to pay the ransom for the decryption keys, and links to the Tor websites where payments should be made. In addition, the ransom note contains a special code that you must enter on the payment site to pay the ransom.
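The two on-disk indicators described above (a four-character extension appended after the original one, and the pair of ransom notes dropped in each affected folder) can be checked together during triage. The script below is an added example, not code from the original article; the `BENIGN` allow-list, the verdict labels and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Ransom note names as given in the article (compared case-insensitively).
NOTE_NAMES = {"your_files_are_encrypted.html", "your_files_are_encrypted.txt"}
# <name>.<original ext>.<four alphanumeric chars>, e.g. test.jpg.7GP3
APPENDED_EXT = re.compile(r"^.+\.[A-Za-z0-9]{2,5}\.([A-Za-z0-9]{4})$")
# Assumption: common legitimate four-letter extensions to ignore (not exhaustive).
BENIGN = {"docx", "xlsx", "pptx", "jpeg", "html", "json", "tiff", "part", "orig"}

def is_renamed(filename):
    """True if the name looks like original.ext plus a random 4-char suffix."""
    m = APPENDED_EXT.match(filename)
    return bool(m) and m.group(1).lower() not in BENIGN

def scan(root):
    """Return {folder: {"notes": [...], "renamed": [...], "verdict": str}}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        renamed = sorted(f for f in files if is_renamed(f))
        if notes and renamed:
            verdict = "likely-encrypted"   # both indicators in one folder
        elif notes or renamed:
            verdict = "note-only" if notes else "suffix-only"  # weaker signal
        else:
            continue
        report[folder] = {"notes": notes, "renamed": renamed, "verdict": verdict}
    return report

def build_sample_tree(base):
    """Constructed sample: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["test.jpg.7GP3", "report.pdf.7GP3",
                 "YOUR_FILES_ARE_ENCRYPTED.HTML", "YOUR_FILES_ARE_ENCRYPTED.TXT"],
        "clean": ["photo.jpg", "app.min.json", "notes.txt"],
        "odd": ["backup.tar.a1B2"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for name in names:
            open(os.path.join(base, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in scan(tmp).items():
            print(info["verdict"], folder, info["renamed"], info["notes"])
```

A folder reported as `suffix-only` is a weak signal on its own, since legitimate files can carry unusual double extensions; the combination with the ransom notes is what makes a folder worth prioritising.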

At present there is no way to recover your encrypted files for free, but it is always suggested that you try alternatives such as using Shadow Explorer to restore from shadow copies, or restoring from cloud or external-drive backups if you made them previously. Even if you have no backup, it is better to use an effective decryption tool or data recovery tool than to pay evil-minded and untrusted cyber criminals. Paying the ransom also encourages their destructive software development. You may find helpful steps to remove MISCHA and Petya Ransomware at http://www.opverwijderenspyware.com.