Maykolin Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 4
First Seen: May 10, 2017
OS(es) Affected: Windows
The Maykolin Ransomware is a ransomware Trojan used to extort computer users. It was first observed in May 2017 and takes its name from the email address its operators use to contact victims. Like most ransomware Trojans, it encrypts the victim's data and then demands a ransom in exchange for the decryption key needed to recover the affected files. Threats like the Maykolin Ransomware may be distributed through corrupted spam email attachments, which may include a macro script that downloads and executes the ransomware on the infected PC. The Maykolin Ransomware may be installed without alerting the victim, running in the background and carrying out its attack until it is too late to recover the affected files.
Uncovering the Maykolin Ransomware Infection Process
As soon as it is installed, the Maykolin Ransomware connects to its Command and Control server to receive configuration instructions and to transmit information about the infected computer. It then builds an index of all targeted files on the infected computer, including files on network storage and external memory devices connected to the victim's PC. The Maykolin Ransomware encrypts these files with AES-256 and then uses RSA-2048 to encrypt the AES key itself, so victims can access neither their data nor the decryption key. It targets user-generated files, which may include text files, spreadsheets, video, and numerous others. Encrypted files are identified by the label '.[maykolin1234@aol.com]' added as an extension to the end of each affected file's name. Unfortunately, once the Maykolin Ransomware has encrypted your files, it may not be possible to decrypt them. The ransom note is delivered in a text file named 'README.maykolin1234@aol.com.txt' that is dropped on the infected computer and contains the following message:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.If you want to restore them, write us to the e-mail maykolinl234@aol.com
Your ID number is *** Write your ID number in e-mail and send us.
You have to pay for decryption in Bitcoins.The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send to us up to 3 files for free decryption.Please note that files must NOT contain valuable information and their total size must be less than 10Mb.
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
h[tt]ps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
h[tt]p://www.coindesk.com/information/how-can-i-buv-bitcoins/
Attention!
• Do not rename encrypted files.
• Do not try to decrypt your data using third party software, it may cause permanent data loss.
• Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
Exposing the Maykolin Ransomware Hoax
The ransom note displayed above is very similar to the ransom text delivered by variants in the Dharma ransomware family. However, it seems that the Maykolin Ransomware is a standalone threat and does not belong to this wider ransomware family. Computer users should refrain from paying the Maykolin Ransomware ransom, since payment allows these people to continue creating threats. Instead, they should keep file backups. Being able to restore corrupted files by simply copying them over from a backup can make computer users invulnerable to the Maykolin Ransomware and similar hoaxes, and is ultimately the best protection for your data.
File System Details
# | File Name | MD5 | Detections
---|---|---|---
1. | crypt.exe | 48f2575912041482ca316ee3092e44b6 | 4
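An added example, not part of the original page or of EnigmaSoft's tooling: a Python sweep that checks a directory tree for the three indicators this page gives (the '.[maykolin1234@aol.com]' extension, the ransom note file name, and the MD5 listed for crypt.exe). The function names, the 50 MB hashing cap and the sample tree built in demo() are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Indicators as given on this page.
ENCRYPTED_SUFFIX = ".[maykolin1234@aol.com]"
RANSOM_NOTE_NAME = "README.maykolin1234@aol.com.txt"
SAMPLE_MD5 = "48f2575912041482ca316ee3092e44b6"  # listed for crypt.exe

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, hash_max_bytes=50 * 1024 * 1024):
    """Walk root and group findings by indicator type (cap is an assumption)."""
    findings = {"encrypted": [], "ransom_note": [], "payload": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered.endswith(ENCRYPTED_SUFFIX):
                findings["encrypted"].append(path)
            elif lowered == RANSOM_NOTE_NAME.lower():
                findings["ransom_note"].append(path)
            else:
                try:  # hash everything else: the payload may have been renamed
                    if os.path.getsize(path) <= hash_max_bytes and md5_of(path) == SAMPLE_MD5:
                        findings["payload"].append(path)
                except OSError:
                    findings["unreadable"].append(path)  # locked or access denied
    return findings

def demo():
    """Sweep a constructed sample tree (harmless placeholder files only)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.docx.[maykolin1234@aol.com]", RANSOM_NOTE_NAME, "notes.txt", "tool.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample content")
        return {k: sorted(os.path.basename(p) for p in v) for k, v in sweep(root).items()}

if __name__ == "__main__":
    print(demo())
```

An MD5 match only identifies this exact sample; the extension and ransom note hits are what show which directories were affected and need restoring from backup.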