Maykolin Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: May 10, 2017
OS(es) Affected: Windows

The Maykolin Ransomware is a ransomware Trojan that is used to extort computer users. It was first observed in May 2017 and receives its name from the email address that its perpetrators use to contact the victims. Like most ransomware Trojans, the Maykolin Ransomware encrypts its victims' data, then asks the infected user to pay a ransom in exchange for the decryption key necessary to recover the affected files. Threats like the Maykolin Ransomware may be distributed to victims through malicious spam email attachments. These attachments may include a macro script that downloads and executes the Maykolin Ransomware on the infected PC. The Maykolin Ransomware may be installed without alerting the victim, running in the background and carrying out its attack until it is too late to recover the affected files.

Uncovering the Maykolin Ransomware Infection Process

As soon as it is installed, the Maykolin Ransomware will connect to its Command and Control server to get configuration instructions and to transmit information about the infected computer. The Maykolin Ransomware will then create an index of all the targeted files on the infected computer, including the files on network storage and external memory devices connected to the victim's PC. The Maykolin Ransomware will encrypt these files with AES-256 and then use RSA-2048 to encrypt the encryption key itself, preventing victims from accessing their data or the decryption key. The Maykolin Ransomware targets user-generated files, which may include text files, spreadsheets, video, and numerous others. The files encrypted by the Maykolin Ransomware can be identified by the label '.[maykolin1234@aol.com]', added as an extension to the end of each affected file's name. Unfortunately, when the Maykolin Ransomware encrypts your files, it may not be possible to decrypt them. The Maykolin Ransomware delivers its ransom note in a text file named 'README.maykolin1234@aol.com.txt' that is dropped on the infected computer. This ransom note contains the following message:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.If you want to restore them, write us to the e-mail maykolinl234@aol.com
Your ID number is *** Write your ID number in e-mail and send us.
You have to pay for decryption in Bitcoins.The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send to us up to 3 files for free decryption.Please note that files must NOT contain valuable information and their total size must be less than 10Mb.
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
h[tt]ps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
h[tt]p://www.coindesk.com/information/how-can-i-buv-bitcoins/
Attention!
• Do not rename encrypted files.
• Do not try to decrypt your data using third party software, it may cause permanent data loss.
• Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Exposing the Maykolin Ransomware Hoax

The ransom note displayed above is very similar to the ransom text delivered by variants in the Dharma ransomware family. However, it seems that the Maykolin Ransomware is a standalone threat and does not belong to this wider ransomware family. Computer users should refrain from paying the Maykolin Ransomware ransom, since payment allows these people to continue creating threats. Instead, they should keep file backups. Being able to restore the corrupted files by simply copying them over again from a backup copy can make computer users invulnerable to the Maykolin Ransomware and similar hoaxes, and is ultimately the best protection for your data.

File System Details

Maykolin Ransomware may create the following file(s):
#   File Name   MD5                                Detections
1.  crypt.exe   48f2575912041482ca316ee3092e44b6   4
