
MindSystem Ransomware

By GoldSparrow in Ransomware

The MindSystem Ransomware is an encryption ransomware Trojan that malware researchers observed in August 2017. Certain elements of the MindSystem Ransomware suggest that it may have been created for educational or experimental purposes. One possibility is that this ransomware Trojan was created to train the staff inside a business and may then have leaked to the outside world. This is not unheard of: in February 2017, an encryption ransomware Trojan used for in-house training exercises ended up leaking to the outside. Unfortunately, the MindSystem Ransomware can carry out an effective encryption ransomware attack, taking the victim's files hostage to demand a ransom payment in exchange for the decryption key.

The MindSystem Ransomware Doesn’t Need to Become a Mind-Blowing Threat

The MindSystem Ransomware is fully functional and can encrypt files using a strong encryption algorithm. It can be distributed using typical ransomware distribution methods such as exploit kits and spam email attachments. Once installed on a computer, the MindSystem Ransomware runs as an executable file named 'MindSystemNotRansomWare.exe' with the following unique signature:

SHA256: efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f

Like most other encryption ransomware Trojans, the MindSystem Ransomware uses AES-256 encryption to make the victim's files inaccessible. It renames the files affected by the attack, adding the file extension '.mind' to each file's name. Once the MindSystem Ransomware has encrypted a file, the file is no longer readable, and the victim cannot open or access it.

The MindSystem Ransomware Attack Process

The MindSystem Ransomware targets user-generated files with certain file extensions. The file extensions targeted by the MindSystem Ransomware infection are:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .txt, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .cs, .js, .php, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb.

The MindSystem Ransomware delivers a ransom note in an image file named 'file.jpg' and a text file named 'key.txt,' dropped on the infected computer's desktop after encrypting the victim's files. The message delivered by the MindSystem Ransomware contains the following text:

'[Your files has been encrypted by the MindSystem Ransomware]
To Recover them, just use the decryptor with your unique key
For education only! MindSystem 2017'

A message like this might normally include a threat and a demand to contact the con artists to pay a large ransom. In this case, it seems that the MindSystem Ransomware is used for educational purposes, and its original users might have had a decryption key to help them recover the affected files.
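A triage check built from the indicators named in this article (the '.mind' suffix, the targeted extension list, the 'file.jpg'/'key.txt' pair and the executable name), added here as an example and not part of the original article or any vendor tool. The function names, finding labels and verdict thresholds are assumptions made for illustration.

```python
"""Triage scan for the MindSystem indicators listed in this article."""
import os

# Extensions the article lists as targeted (duplicate entries dropped).
TARGETED = set("""3gp 7z apk avi bmp cdr cer chm conf css csv dat db dbf djvu
dbx docm doc epub docx ibooks jpeg jpg key mdb md2 mdf mhtm mkv mov mp3 mp4 mpg
mpeg pict pdf pps pkg png ppt pptx ppsx psd rar rtf scr swf sav tiff tif tbl
txt wmv xls xlsx xps xml ckp zip cs js php mrg dcx db3 sql sqlite3 sqlite
sqlitedb psp pdb""".split())
EXE_NAME = "mindsystemnotransomware.exe"
NOTE_PAIR = {"file.jpg", "key.txt"}  # generic names, so only counted as a pair


def scan(root):
    """Walk root and return a list of (kind, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lowered = {name.lower() for name in files}
        if NOTE_PAIR <= lowered:
            findings.append(("note-pair", dirpath))
        for name in files:
            low = name.lower()
            path = os.path.join(dirpath, name)
            if low == EXE_NAME:
                findings.append(("executable", path))
            elif low.endswith(".mind"):
                # report.docx.mind -> inner extension "docx"
                inner = os.path.splitext(low[:-len(".mind")])[1].lstrip(".")
                kind = "encrypted" if inner in TARGETED else "mind-suffix"
                findings.append((kind, path))
    return findings


def verdict(findings):
    """Collapse findings into a triage level (thresholds are assumptions)."""
    kinds = {kind for kind, _ in findings}
    if "executable" in kinds or {"encrypted", "note-pair"} <= kinds:
        return "likely-infected"
    if kinds & {"encrypted", "mind-suffix"}:
        return "suspicious"
    return "clean"  # a lone file.jpg/key.txt pair is too generic to flag


if __name__ == "__main__":
    import sys
    results = scan(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~"))
    for kind, path in results:
        print(f"{kind:12} {path}")
    print("verdict:", verdict(results))
```

Run it against a user profile or a mounted disk image; files whose inner extension is not on the article's list are reported as 'mind-suffix' so that unrelated uses of '.mind' are not counted as encrypted files.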

Protecting Your Computer from Threats Like the MindSystem Ransomware

Unfortunately, the leak of the MindSystem Ransomware means that it may well be modified to carry out effective attacks. In fact, it would not be difficult to use the MindSystem Ransomware for malicious purposes rather than for its original educational intent: it would only be a matter of modifying the ransom note to demand that the victim pay a large amount using some anonymous payment method (such as Bitcoin). Ransomware Trojans like the MindSystem Ransomware can be quite destructive since it becomes nearly impossible to restore the affected files to normal. Because of this, it is necessary to keep file backups on an external drive or in the cloud. With a backup, computer users have a way of restoring the compromised files, which undoes the entire infection strategy used by these threats.

