
Mkos Ransomware

The most active ransomware family of 2019 has been the STOP Ransomware family. Malicious actors from all around the world have been making variants of this infamous Trojan throughout the year. Approximately 200 copies of the STOP Ransomware were released in 2019 and are currently lurking on the Web. One of the latest copies of the STOP Ransomware is called Mkos Ransomware. Most ransomware threats operate in a similar manner: they sneakily compromise a system, scan the data that is present on it, apply an encryption algorithm to lock the targeted files, and then blackmail the user into paying cash in return for a decryption key that will supposedly recover the locked data.

Propagation and Encryption

The majority of data-locking Trojans are propagated via several common infection vectors: torrent trackers, fraudulent application downloads and updates, bogus pirated media and software, etc. However, the most popular propagation method is likely spam emails. Normally, the email contains a fraudulent message whose goal is to trick the user into opening the attached file. The attachment is usually macro-laced and serves to infect the targeted PC. Once the threat gains access to the system, it performs a brief scan to locate the files that the Mkos Ransomware will later encrypt. Upon completing the scan, the Mkos Ransomware triggers its encryption process, and all the targeted data is locked with the help of an encryption algorithm. Once the Mkos Ransomware encrypts a file, it changes the file's name by adding the '.mkos' extension at the end of the filename. This means that a file that was initially called 'sunset-hill.jpeg' will be renamed to 'sunset-hill.jpeg.mkos.'

The Ransom Note

Upon locking all the data on the system, the Mkos Ransomware will drop a note called '_readme.txt' that contains the ransom message of the attackers. The note informs users that their data has been locked and provides some additional information. The attackers claim that victims who contact them within 72 hours of the attack will have to pay only half ($490) of the original ransom fee ($980). Users are also told to check their spam box if they do not get a response from the attackers within 6 hours. Unfortunately, most copies of the STOP Ransomware are not decryptable for free. However, the authors of the Mkos Ransomware offer to unlock one file free of charge so that the user is convinced that they have a working decryption key. At the bottom of the ransom note, users will see a uniquely generated victim ID. The attackers provide two email addresses where victims can contact them and receive further instructions - ‘' and ‘'
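The two file-system indicators described above (the appended '.mkos' extension and the '_readme.txt' note) can be used to scope which folders were hit. The following triage script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".mkos"          # extension the article says is appended to locked files
NOTE = "_readme.txt"   # ransom note file name given in the article

def triage(root):
    """Walk root; return {dir: {"encrypted": [(locked, original)], "note": bool}}."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE:
                hits[dirpath]["note"] = True
            elif lower.endswith(EXT) and len(name) > len(EXT):
                # The extension is appended, so stripping it yields the original name.
                hits[dirpath]["encrypted"].append((name, name[:-len(EXT)]))
    return dict(hits)

def summarize(hits):
    """Return (locked file count, sorted directories holding both indicators)."""
    total = sum(len(v["encrypted"]) for v in hits.values())
    both = sorted(d for d, v in hits.items() if v["note"] and v["encrypted"])
    return total, both

def build_sample(root):
    """Constructed sample tree of empty files, used only for a dry run."""
    layout = {
        "Pictures": ["sunset-hill.jpeg.mkos", "_readme.txt"],
        "Docs": ["report.docx.mkos", "notes.txt"],
        "Clean": ["_readme.txt"],  # note without locked files: weaker signal
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        total, both = summarize(triage(tmp))
        print(f"{total} locked file(s); directories with note and locked files:")
        for d in both:
            print(" ", os.path.relpath(d, tmp))
```

Pointing `triage()` at a real user profile or file share gives a per-directory inventory of locked files and their original names, which helps decide what to restore from backup.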

We strongly advise against getting in touch with cyber crooks. They will not bat an eye taking your money and will likely never provide you with the decryption application you need to restore your data. This is why you should consider obtaining a legitimate antivirus software tool that will help you remove the Mkos Ransomware from your computer and keep your system safe in the future.

