miK Ransomware

The miK Ransomware is n injurious threat that appears to be targeting Russian-speaking users specifically. All three of the malware's ransom notes are written in Russian entirely and do not offer translations into any other languages. In fact, if the infected computers do not have the Cyrillic font installed, at least one of the ransom-demanding messages will appear as an incomprehensible mess of symbols.

As for its threatening functionality, the miK Ransomware is equipped with an encryption routine that can lock a large number of different file types. The threat's victims will lose their access to the affected files, and be locked out of important documents, work projects, databases, archives and more effectively. Furthermore, each encrypted file will have '.miK' appended to its original name as a new file extension.

Ransom Note's Details

To ensure that the affected users will notice its instructions, the miK Ransomware delivers its message in three different forms. First, a text file named 'ДЕШИФРАТОР.txt will be created on the device. Then, the desktop background will be changed to an image provided by the threat. Finally, the same ransom note also will be shown to the victim in a pop-up window.

As we said, all three messages are in Russian. Translating them reveals that they simply instruct affected users to contact the attackers to receive additional instructions. The notes also mention that upon paying the demanded ransom, users will receive a decryptor tool. The only communication channel mentioned in the messages is the 'MAYAKOVSKY@ACTIVIST.COM' email address.

The text of the miK Ransomware messages:

'МАЯКОВСКИЙ БЛОК АРТЪ
ИНФОРМАЦИОННО ШИФРУЮЩИЙ БЮЛЛЕТЕНЬ № 4720619

Твой комп зашифрован, пока ты рябчиков ел
не бойся товарищъ do not беспредел
файл твой вернётся ,без нервов, пойми,
сделаешь взнос, дадим декрипты.

ДЕНЬГИ ПРИШЛИ - ПРИШЛЁМ ДЕШИФРАТОР
НЕ ЖМИСЬ БАБЛОМ ЭКСПЛУАТАТОР !

Адрес редакции: MAYAKOVSKY@ACTIVIST.COM

ДЕШИФРАТОР'