Mishmash Ransomware

The Mishmash Ransomware exhibits all the signs of a ransomware threat that is undergoing active testing currently. It possesses all of the main characteristics associated with this malware type - Mishmash encrypts the files stored on the compromised system and then demands a payment from its victims in exchange for the restoration of the data. All other aspects of Mishmash, however, are woefully inadequate. In fact, the current version of the threat has already been cracked with infosec researchers determining that the password needed to initiate the decryption of the files is 'pass.' 

The initial version also forgoes to change the names of the files it encrypts, in contrast to nearly all other ransomware threats that mark the files they affected by appending a new files extension to the original names. The ransom note delivered by the threat also shows signs of being a placeholder. It is displayed in a pop-up window and lacks any mention of a way to reach the cybercriminals or the amount of money they demand to receive. Instead, all that the note currently says is that the encrypted files can be 'unprotected' by entering the correct passphrase and that victims should give all of their money to the hackers. The pop-up window also contains a list of all encrypted files.

As we said, victims of Mishmash can restore their data safely by entering the password pass into the appropriate field found in the pop-up window.