Mifr Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 30 |
| First Seen: | December 1, 2009 |
| Last Seen: | May 10, 2021 |
| OS(es) Affected: | Windows |
The Mifr Ransomware is a potent crypto locker threat that has been spawned based on the VoidCrypt malware family. As such, it operates as a typical VoidCrypt variant. Any computer system compromised by it will have nearly all stored files encrypted with an uncrackable cryptographic algorithm. Affected users will then be extorted for money if they want to get the decryption key and tool from the hackers.
The Mifr Ransomware modifies the names of the files it encrypts significantly. It appends an email address under the control of the cybercriminals, followed by a unique ID assigned to the victims and finally '.mift' as a new extension. The particular email address pleased in the file names is 'Hiden_pro@aol.com.' The threat's ransom note is delivered as text files named '!INFO.HTA' that will be created in every folder containing encrypted data.
Although the ransom note doesn't specify the exact amount of the ransom demanded by the hackers, it does mention that the transaction must be made using Bitcoin. Furthermore, the price will be doubled when 48 hours since the start of the infection have passed. Users must establish communication by sending a message to the same 'Hiden_pro@aol.com' email address. If they do not receive an answer, a secondary email at 'Hiden_pro@tutanota.com' should be used. A couple of small files can be attached to the messages to be decrypted for free.
The full text of the Mifr Ransomware's note is:
'!!! Your Files Has Been Encrypted !!!♦ your files has been locked with highest secure cryptography algorithm ♦
♦ there is no way to decrypt your files without paying and buying Decryption tool♦
♦ but after 48 hour decryption price will be double♦
♦ you can send some little files for decryption test♦
♦ test file should not contain valuable data♦
♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦
♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦
♦ !!! or Delete you files if you dont need them !!!
♦Your ID :-
our Email :Hiden_pro@aol.com
In Case Of No Answer :Hiden_pro@tutanota.com.'
