The MLF Ransomware carries a strong encryption algorithm, which it uses to lock the data of its victims. Like the vast majority of ransomware operations, the threat actors behind the MLF Ransomware are financially motivated, trying to extort money from the impacted individual users or corporate entities. It should be mentioned that although the MLF Ransomware is a variant of the Phobos malware family, the damage it can cause to the breached devices is significant.
Indeed, victims will be unable to open or use most of their data, such as documents, images, photos, archives, databases, audio and video files, etc. The encrypted files will have their names modified drastically. The threat will add to them an ID string, an email address, and a new extension. The email used by the MLF Ransomware is 'DataRecovery1@cock.li', while the attached file extension is '.MLF'. Two different ransom notes will be dropped onto the infected systems as 'info.hta' and 'info.txt' files.
The text file contains a very short ransom note, simply telling MLF's victims that they will need to contact the cybercriminals by either messaging the same email address at 'DataRecovery1@cock.li' or their '@Datarecovery1' Telegram account. The main ransom-demanding message is shown in a pop-up window. It reveals that the hackers are supposedly willing to decrypt for free up to three files with a total size of less than 4MB. It also states that only ransom payments made in Bitcoin will be accepted with the exact size of the ransom being based on the time it takes victims to initiate communication with the cybercriminals.
MLF Ransomware's ransom note is:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail DataRecovery1@cock.li
Write this ID in the title of your message -
Our online operator is available in the messenger Telegram: @Datarecovery1
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The message delivered in the text file is:
'!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: DataRecovery1@cock.li.
Our online operator is available in the messenger Telegram:@Datarecovery1'
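The indicators described above (the '.MLF' extension, the contact email inside renamed file names, and the 'info.hta' / 'info.txt' notes) can be turned into a triage scan that shows which directories were hit. The following is an added example, not code from the original page; the function names are hypothetical, and the sample tree, including its bracketed ID layout, is constructed for the demonstration.

```python
import os
from collections import Counter

EXTENSION = ".mlf"  # indicators below are taken from the description above
CONTACT_EMAIL = "datarecovery1@cock.li"
NOTE_NAMES = {"info.hta", "info.txt"}
NOTE_MARKERS = (CONTACT_EMAIL, "@datarecovery1")

def classify(path):
    """Return 'encrypted', 'ransom_note' or None for one file."""
    name = os.path.basename(path).lower()
    if name.endswith(EXTENSION) and CONTACT_EMAIL in name:
        return "encrypted"
    if name in NOTE_NAMES:
        try:
            with open(path, "rb") as fh:
                head = fh.read(65536)
        except OSError:
            return None  # unreadable file: cannot confirm it is a note
        # Drop NUL bytes so UTF-16 encoded notes still match.
        text = head.replace(b"\x00", b"").decode("latin-1").lower()
        if any(marker in text for marker in NOTE_MARKERS):
            return "ransom_note"
    return None

def triage(root):
    """Walk root; return (renamed-file count per directory, note paths)."""
    per_dir, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            kind = classify(full)
            if kind == "encrypted":
                per_dir[dirpath] += 1
            elif kind == "ransom_note":
                notes.append(full)
    return per_dir, notes

def build_sample(root):
    """Constructed test tree; the bracketed name layout is an assumption."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    suffix = ".id[CONSTRUCTED-0001].[DataRecovery1@cock.li].MLF"
    for name in ("report.docx" + suffix, "photo.jpg" + suffix, "untouched.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(root, "info.txt"), "w") as fh:
        fh.write("To decrypt them send e-mail to this address: DataRecovery1@cock.li.\n")
    with open(os.path.join(docs, "info.txt"), "w") as fh:
        fh.write("unrelated notes file\n")
```

A file named 'info.txt' is only reported when its content carries one of the contact strings, so unrelated files with that common name are not counted.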