Threat Database Ransomware 'M4N1F3STO Virus' Lockscreen

'M4N1F3STO Virus' Lockscreen

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 10
First Seen: December 12, 2016
Last Seen: May 5, 2022
OS(es) Affected: Windows

The 'M4N1F3STO Virus' Lockscreen is generated by a Trojan that is designed to fool the users into believing that the data on their computers was encrypted and about to be deleted. The developer of the 'M4N1F3STO Virus' requires the payment of 0.3 Bitcoin (234 USD or 221 EUR) to be made to a wallet address in case you don't want your files to be deleted. The message shown by the 'M4N1F3STO Virus' Trojan resembles many variants we have seen with threats like the Cuzimvirus Ransomware and the BrLock Ransomware. There does not appear to be a connection between the Trojans mentioned before, and the 'M4N1F3STO Virus' Lockscreen may look like a joke to some users. However, the 'M4N1F3STO Virus' threat is no joke and can cause distress for many users since it can be delivered to systems via spam emails, corrupted links and instruments such as the Neutrino Exploit Kit.

How the 'M4N1F3STO Virus' Lockscreen is Presented to Users

When the 'M4N1F3STO Virus' Trojan is installed, it adds an entry to the list of startup programs and launches on the next system boot. As a result, the user logs into Windows and is greeted by the 'M4N1F3STO Virus' Lockscreen immediately, which features the following message:

'I want to play a game with you. Let me explain the rules:
Your personal files are being deleted. Your photos, videos, documents, etc...
But, don't worry! It will only happen if you don't comply.
However I've already encrypted your personal files, so you cannot access them.

Every hour I select some of them to delete permanently,
therefore I won't be able to access them, either.
Are you familiar with the concept of exponential growth? Let me help you out.
It starts out slowly then increases rapidly.
During the first 24 hour you will only lose a few files,
the second day a few hundred, the third day a few thousand, and so on,

If you turn off your computer or try to close me, when i start the next time
you will have 1000 files deleted as punishment.
Yes you will want me to start next time, since I am the only one that
is capable to decrypt your personal data for you.

Now, let's start and enjoy our little game together!"

[wallet address]

Send 0,3 bitcoins to this address to unlock your Pc with your email address.
Your can purchase bitcoins from localbitcoins
'

Contrary to what you are suggested, the 'M4N1F3STO Virus' Trojan does not include an encryption procedure and does not delete files on your computer. Security analysts examined samples of the threat and determined that it is not programmed to encipher and delete data, yet. Consecutive builds of the 'M4N1F3STO Virus' may support extended functionalities and feature an encryption engine.

An Unlock Code is Supposed to be Entered on the 'M4N1F3STO Virus' Lockscreen

At the time of writing this, users need an unlock code to bring down the 'M4N1F3STO Virus' Lockscreen. The 'M4N1F3STO Virus' Trojan is designed to suppress the Command Prompt utility, the Registry Editor and the Task Manager on the Windows OS. You may need to boot into Safe Mode and bypass the activation of the threat. Fortunately, researchers unveiled that the unlock code comes with the executable responsible for the 'M4N1F3STO Virus' Lockscreen. Given the playful nature of the 'M4N1F3STO Virus' message, the unlock string is rather unconventional and states 'suckmydicknigga.' Entering the code triggers a dialog box to pop up on your screen saying 'JUST DELETE IT TO REMOVE IT HAHA YOU HAVE BEEN FOOLED.' The location of the executable for the 'M4N1F3STO Virus' Lockscreen is not disclosed in the dialog box, and you may need to use a reliable anti-malware scanner to sweep your drives.

Trending

Most Viewed

Loading...