
Mailto Ransomware

Ransomware threats continue to be one of the most preferred methods of tricking people out of their money online. Almost anyone can build a data-locking Trojan and use it to extort people, because numerous ransomware building kits are available online for free. Among the most recently uncovered threats of this type is the Mailto Ransomware.

Propagation and Encryption

The infection vectors used by the perpetrators of the Mailto Ransomware are not known. Some malware researchers believe that the attackers may be utilizing fake pirated copies of popular applications, bogus software updates, and torrent trackers to spread the Mailto Ransomware. However, the most common method of distribution of this threat is certainly spam emails. These emails contain a fraudulent message urging the user to open the corrupted attached file. This attachment carries the payload of the threat and infects the user's system as soon as it is opened.

The Mailto Ransomware is capable of locking a wide variety of file types. Usually, popular file types such as .jpeg, .jpg, .mp3, .mp4, .doc, .docx, .xls, .xlsx, .pdf, .mov, .ppt, and .pptx, among many others, will be targeted for encryption by data-locking Trojans like the Mailto Ransomware. Once the files of interest are located, the Mailto Ransomware triggers its encryption process, applying an encryption algorithm to lock all the targeted data. When a file undergoes the encryption process of the Mailto Ransomware, its name is altered. This Trojan appends a '.mailto[].' extension to the locked files, where the ‘VICTIM ID’ is a uniquely generated ID for each user affected by the Mailto Ransomware.

The Ransom Note

In the next step of the attack, the Mailto Ransomware drops a ransom note called '-Readme.txt.' The ransom message is rather lengthy, and in it, the attackers explain to the victims what has happened to their files. They claim that there is no way to recover any of the affected data unless the victims cooperate and pay the ransom fee. The authors of the Mailto Ransomware warn that victims who take too long to get in touch may never be able to recover their data. The attackers offer to unlock several files free of charge to prove to the victims that they are capable of decrypting the affected data. There are two email addresses provided as a means of communication – ‘’ and ‘’

It is advisable to avoid contacting cybercriminals. There is nothing to guarantee that you will be provided with the decryption key you need, even if you give in and pay the ransom fee. Instead, you should look into obtaining a reputable anti-malware solution, which will help you remove the Mailto Ransomware from your computer safely.
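For responders scoping an infection, the two artifacts described above (the '.mailto[' rename and the '-Readme.txt' note) can be checked against a file listing. The following is an added example, not code from the original page; the exact suffix layout, the function name `triage`, and every sample path and ID are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the appended suffix is ".mailto[<text>]", optionally followed by
# ".<token>"; the page only shows the ".mailto[" marker and the note's ending.
LOCKED_RE = re.compile(r"^(?P<orig>.+?)\.mailto\[[^\]]*\](?:\.[^./\\]+)?$", re.I)
NOTE_SUFFIX = "-readme.txt"

# Constructed listing; names and IDs are placeholders, not real indicators.
SAMPLE = [
    "/home/u/docs/report.docx.mailto[placeholder].ID0001",
    "/home/u/docs/budget.xlsx.mailto[placeholder].ID0001",
    "/home/u/docs/ID0001-Readme.txt",
    "/home/u/src/project-readme.txt",
    "/home/u/pics/cat.jpg",
    "/home/u/pics/dog.jpg.mailto[placeholder].ID0001",
]


def triage(paths, min_locked=2):
    """Return {directory: report} for folders that look encrypted.

    "high": renamed files plus a note; "medium": renamed files only.
    A lone "*-Readme.txt" is ignored, since benign files share that ending.
    """
    seen = defaultdict(lambda: {"locked": [], "notes": []})
    for raw in paths:
        # Accept both Windows and POSIX separators in the listing.
        directory, _, name = raw.replace("\\", "/").rpartition("/")
        match = LOCKED_RE.match(name)
        if match:
            # Keep the pre-encryption name to help map losses to backups.
            seen[directory]["locked"].append(match.group("orig"))
        elif name.lower().endswith(NOTE_SUFFIX):
            seen[directory]["notes"].append(name)
    report = {}
    for directory, hits in seen.items():
        if hits["locked"] and hits["notes"]:
            report[directory] = {**hits, "confidence": "high"}
        elif len(hits["locked"]) >= min_locked:
            report[directory] = {**hits, "confidence": "medium"}
    return report


if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(directory, info["confidence"], info["locked"], info["notes"])
```

The recovered original names give a quick inventory of what needs restoring from backup in each flagged directory.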