Mikel is a ransomware threat designed specifically to encrypt data and extort money from victims. When the Mikel Ransomware breaches a device, it begins to encrypt files and adds a '.mikel' extension to their original filenames. This means that a file named '1.doc' would become '1.doc.mikel' after encryption, while '2.png' would become '2.png.mikel,' and so on. Once the encryption process is completed, a ransom note called 'Mikel_Help.txt' is created to demand payment from the victim. The threat has been confirmed to be a variant of another threat tracked as the Proxima Ransomware.
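For incident scoping, the two indicators described above (the appended '.mikel' extension and the 'Mikel_Help.txt' note) can be inventoried with a read-only walk of the affected file system. The following is an added example, not code from the original article; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".mikel"      # extension appended to encrypted files (from the article)
RANSOM_NOTE = "mikel_help.txt"   # ransom note name (from the article), lower-cased for comparison


def triage(root):
    """Walk `root` read-only and inventory Mikel indicators without touching any file."""
    report = {"encrypted": [], "notes": [], "per_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lowered = name.lower()   # Windows file names are case-insensitive
            full = Path(dirpath) / name
            if lowered == RANSOM_NOTE:
                report["notes"].append(str(full))
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]   # '1.doc.mikel' -> '1.doc'
                report["encrypted"].append((str(full), original))
                report["per_dir"][dirpath] += 1
    return report


def build_sample_tree(base):
    """Constructed sample data: a small tree mimicking the naming the article describes."""
    base = Path(base)
    (base / "finance").mkdir()
    (base / "photos").mkdir()
    for rel in ("finance/1.doc.mikel", "finance/ledger.xlsx.MIKEL", "finance/Mikel_Help.txt",
                "photos/2.png.mikel", "photos/untouched.jpg", "photos/.mikel"):
        (base / rel).write_bytes(b"sample")
    return base


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        rep = triage(build_sample_tree(tmp))
        originals = sorted(orig for _path, orig in rep["encrypted"])
        return originals, len(rep["notes"]), sorted(rep["per_dir"].values())


if __name__ == "__main__":
    originals, notes, counts = demo()
    print("original names:", originals)
    print("ransom notes found:", notes)
    print("encrypted files per directory:", counts)
```

The per-directory counts show which shares or folders were hit, and the recovered original names can be matched against backup catalogues when planning restoration.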
An Overview of the Mikel Ransomware Demands
The ransom demands left by Mikel clearly indicate that its primary targets are large entities, such as corporations, rather than individual home users. The note indicates that the Mikel Ransomware has not only encrypted but also exfiltrated the victims' files, making the attack a double-extortion scheme. The data collected in this way can include a wide range of sensitive information, including databases, financial records, accounting information, development plans and strategic documents.
The attackers behind Mikel demand that their victims pay a ransom in exchange for the return of their encrypted files. If the victims fail to meet these demands or refuse to pay, the attackers threaten to release the collected data publicly. Furthermore, the attackers warn that they will continue to launch cyberattacks against the victim and impact their website's SEO processes negatively.
To provide some assurance that data recovery is possible, the ransom note offers to decrypt three small files for free. However, victims must pay the ransom to receive the decryption keys for the rest of their files.
Don't Pay the Criminals behind the Mikel Ransomware
Users should not pay the cybercriminals responsible for ransomware attacks because doing so is not only illegal but also supports criminal activities. Ransomware attacks are a form of extortion, and paying the ransom fuels the criminals' ability to continue their illegal activities, which puts others at risk.
Furthermore, there is no guarantee that paying the ransom will result in the safe return of the encrypted files or that the attackers will not launch another attack. Paying the ransom also establishes the user as a profitable target and may result in further attacks, as well as possibly increasing the ransom amount demanded.
Additionally, paying the ransom encourages the growth of the ransomware industry, which can lead to more sophisticated attacks in the future. Instead of paying the ransom, users should report the incident to law enforcement agencies, seek professional help to remove the ransomware, and invest in robust cybersecurity measures to prevent similar incidents in the future.
The full text of the ransom note left by the Mikel Ransomware is:
'Your data have been Stolen, encrypted and inaccessible
Your critical information has been downloaded, including databases, financial/developmental, accounting, and strategic documents.
The file structure has been changed to unreadable format, but you can recover them all with our tool.
If payment is not made and if we don't hear anything from you for a while, your data will be leaked on TOR darknet and your competitors can have access to your data, we will also attack your company over and over again in the future.
If you want to decrypt all of your data and return your systems to operative state, you require a decryption tool, we are the only ones who own it, and also, if you want your stolen data will be wiped out from our website, you better contact us at the following email addresses:
You can write us to our mailbox:
write this in the email title:
Make sure to include the ID in the email subject line, otherwise we wont answer your emails.
++++ What assurance is provided that we will not deceive you?
It's just a business and we don't pursue any political objectives. We absolutely do not care about you and your data, except getting benefits, money and our reputation are the only things that matters to us. if we do not do our work and liabilities, nobody will cooperate with us which is not in our interests.
Prior to the payment, and to check the ability to return files, you can send us 3 files (under 5MB) of any format that do not include sensitive information. We will decrypt them and send them back to you. That is our guarantee.
If you want the decryption procedure to be effective, DO NOT delete or modify the encrypted files, it will cause issues with the decryption process.
Any organization or individual who asserts they can decrypt your data without paying us should be avoided. They just deceive you and charge you much more money as a consequence; they all contact us and buy the decryption tool from us.
If you do not cooperate with us, it does not matter to us, But you have to accept its consequences:
*Your data will be leaked for free on TOR darknet and your competitors can have access to your data.
*We know exactly what vulnerabilities exist in your network and will inform google about them.
*We are experts in Negative SEO. We will do irreparable harm to your website.
The money we asked for is nothing compare to all of these damages to your business, so we recommend you to pay the price and secure your business, simple.
If you pay, we will give you tips for your security, so it can't be hacked in the future.
besides, you will lose your time and data cause we are the only ones that have the private key. In practice, time is much more valuable than money.'