Threat Database Ransomware Mircop Ransomware

Mircop Ransomware

By GoldSparrow in Ransomware

The Mircop Ransomware is a ransomware threat that has been associated with several other threats discovered recently such as the Anonpop and TowerWeb Ransomware. The Mircop Ransomware claims to be the victim in the attack, supposedly demanding retribution from its victims. This is not a commonly seen social engineering technique observed in other ransomware threats, which tend to use several methods to trick inexperienced computer users into handing over their money. In the case of the Mircop Ransomware, the victim is accused of stealing 48.84 Bitcoin. It is important to understand the nature of the Mircop Ransomware attack and to remove this threat from the infected computer with the help of a reliable, fully updated anti-malware application immediately.

The Cop that You Want as Far as Possible

The Mircop Ransomware displays an image and a ransom note of a hooded person with a Guy Fawkes mask, which has been linked for a long time to Anonymous. According to the Mircop Ransomware's curious ransom note, the victim 'knows how to return the money and who to send the ransom to.' Curiously, the Mircop Ransomware contains little guidance about payment. It is likely that the purpose of the Mircop Ransomware is more to harass or prank rather than to generate profits at the expense of computer users.

The Absurd Accusations of the Mircop Ransomware

According to the Mircop Ransomware's ransom note, the victim would have stolen about $30000 USD, a very high amount when it comes to these attacks. Supposedly, the Mircop Ransomware threatens more actions if the victim does not pay. The Mircop Ransomware includes a BitCoin address. However, unlike most ransomware Trojans that include instructions on how to carry out these BitCoin transactions, the Mircop Ransomware contains absolutely no information in this regard. PC security analysts have monitored this BitCoin address, and it seems that no payment has been made to the Mircop Ransomware as of the writing of this report.

Delivery Methods that may be Used by the Mircop Ransomware

The Mircop Ransomware may be distributed using corrupted email attachments contained in spam email messages. The email message that has been linked to the Mircop Ransomware attacks specifically claims to be associated with Thai customs, supposedly related to the import and export of goods. The document claims that it is necessary to enable macros to sign it. However, enabling macros allow the Mircop Ransomware to abuse Windows Powershell to execute the Mircop Ransomware executable file.

How the Mircop Ransomware may Infect the Victim’s Computer

After the corrupted document is opened, the Mircop Ransomware drops three corrupted files on the victim's computer:


The first of these is used to collect data from the infected computer. The other two are used to encrypt files. Although the Mircop Ransomware does encrypt files, it adds the string 'Lock.' at the beginning of the file or folder name. The Mircop Ransomware has a substantial information-collecting component. The Mircop Ransomware will collect passwords and data from several applications, including Google Chrome, Mozilla Firefox, Opera, Skype and FileZilla. The Mircop Ransomware combines information collecting with a ransomware attack, in a way similar to CryptXXX, one of the first ransomware threats to combine these two attacks.

Preventing Attacks from Threats Such as the Mircop Ransomware

Despite its quirky ransom message and method, the Mircop Ransomware does represent a real threat to the computer users' data and machines. Because of this, computer users should avoid becoming a victim of this attack. Malware researchers strongly advise computer users to protect their machines with a reliable, fully updated anti-malware program. All files should be backed up on an off-site drive or the cloud. However, the best preventive method is to avoid opening unsolicited email attachments in the first place and use a good anti-spam filter to ensure that spam emails containing threats like the Mircop Ransomware are not delivered to the victim's inbox.


Most Viewed