The Mijnal Ransomware is a file-locking Trojan that targets Russian-speaking Windows users. It blocks their media files by encrypting them and solicits ransoms through a TOR website service. Ideally, users already have backups for recovery and can disinfect their systems with any PC security product capable of deleting the Mijnal Ransomware.
Stress-Testing File Security for Money
The Scarab Ransomware family may have some competing outsiders in its traditional 'home turf' of the Russian Web. The Mijnal Ransomware, caught in the last days of 2020, is an apparently independent threat that also targets Russian speakers. Unlike that Ransomware-as-a-Service, it has well-defined infection tactics for its campaign that hinge on victims trusting file names a little too much.
The Mijnal Ransomware is a .NET Framework program and, therefore, a Windows program. The installer circulates as 'xhome.exe' and 'OCCT,' the latter of which is a stability and stress tester for PC hardware. These fake credentials are the obvious lures for tricking users into installing a Trojan instead of the intended, legitimate software.
Once past the infection phase, the Mijnal Ransomware conducts attacks not too different from those of most other file-locker Trojans that malware researchers see. It encrypts media like documents or pictures, blocks them from opening, and adds 'mijnal' extensions to their names for identification. The Trojan then displays its ransom notes.
The Mijnal Ransomware's ransoming messages are TXT and HTML files that redirect users to a TOR website for the unlocker ransom-processing service. What makes the Mijnal Ransomware interesting is its sole use of Cyrillic, anticipating Russian speakers, without providing any English translation, unlike most Trojans.
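An added triage example, not part of the original article or any vendor tool: it inventories files carrying the 'mijnal' extension so they can be matched against backups, and lists TXT/HTML files written in the same time window as candidate ransom notes. It assumes the extension is appended to the original file name; the function names, the 60-second slack and the sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".mijnal"         # extension named in the article
NOTE_EXTS = {".txt", ".html"}  # note formats named in the article; file names are not given


def triage(root, slack=60):
    """Inventory locked files under root and list candidate ransom notes."""
    locked, texts = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            suffix = path.suffix.lower()
            if suffix == LOCKED_EXT:
                locked.append(path)
            elif suffix in NOTE_EXTS:
                texts.append(path)
    if not locked:
        return {"locked": 0, "by_type": {}, "window": None, "notes": []}
    times = [p.stat().st_mtime for p in locked]
    start, end = min(times), max(times)
    # Assumption: the extension is appended, so the previous suffix is the original type.
    by_type = Counter(Path(p.stem).suffix.lower() or "(none)" for p in locked)
    # Candidate notes: TXT/HTML written during the encryption window, next to locked files.
    hit_dirs = {p.parent for p in locked}
    notes = sorted(str(p) for p in texts if p.parent in hit_dirs
                   and start - slack <= p.stat().st_mtime <= end + slack)
    return {"locked": len(locked), "by_type": dict(by_type),
            "window": (start, end), "notes": notes}


def build_sample_tree():
    """Constructed sample data: two locked files, one note-like file, one old text file."""
    root = Path(tempfile.mkdtemp(prefix="triage_demo_"))
    docs = root / "docs"
    docs.mkdir()
    samples = {"report.docx.mijnal": 1_600_000_100, "photo.JPG.MIJNAL": 1_600_000_160,
               "note_placeholder.txt": 1_600_000_130, "old_readme.txt": 1_500_000_000}
    for name, mtime in samples.items():
        target = docs / name
        target.write_bytes(b"constructed sample")
        os.utime(target, (mtime, mtime))
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

The per-type counts and the modification-time window help decide which backup snapshot predates the encryption; modification times are only an approximation of when each file was locked.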
Having Stress-Free Software Encounters
The Mijnal Ransomware's geo-targeting is a good reminder that Russia isn't the haven from Trojan campaigns that it was in older times. Users can endanger their PCs by encountering unofficial installers for software through resources like torrents and piracy-themed 'free download' websites. Generally, appropriate security products should identify these fake installers and block the Mijnal Ransomware before it becomes a problem, assuming that users let their security solutions scan the executable file.
There isn't a free unlocking solution to the Mijnal Ransomware, which is new and not a relative of any known, decryptable family of file-locker Trojans. Users might consider submitting samples to reputable researchers in case the development of an unlocker is possible. In most circumstances, backups on other devices are the best recovery option from Trojans that disrupt digital media.
For uninstallation, Windows users can leverage their favorite PC security programs, most of which should delete the Mijnal Ransomware without trouble. Although these products can't recover files, most Trojans are detectable as threats before their payloads start their attacks.
What the Mijnal Ransomware expects to make from its campaign is up in the air, even if its victims aren't. With such well-defined tactics, Windows users have all the warnings they need to preserve their work, by backups or otherwise.