
MOLE66 Ransomware

By GoldSparrow in Ransomware

The MOLE66 Ransomware is an encryption ransomware Trojan that PC security researchers first reported in March of 2018. The MOLE66 Ransomware is a variant of CryptMix, a ransomware family known by various names, including CryptMix and CryptoShield. There is little to differentiate the MOLE66 Ransomware from the many other variants in this threat family. Like other encryption ransomware Trojans, the MOLE66 Ransomware is designed to take victims' files hostage, preventing the victims from accessing their data and then demanding a ransom payment to restore access to the affected files.

A Quick Explanation about the MOLE66 Ransomware Attack

The MOLE66 Ransomware, the latest variant in the CryptoMix family, uses the strong AES-256 encryption algorithm to make the victim's files inaccessible. The MOLE66 Ransomware is delivered to the victim's computer via spam email messages carrying corrupted attachments; macro scripts embedded in those attachments download and install the MOLE66 Ransomware. The MOLE66 Ransomware encrypts the user-generated files on the victim's computer while avoiding the Windows system files and the victim's applications. The file types that may be compromised during the MOLE66 Ransomware attack, as well as by variants in its threat family, include:

.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg, .part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.

Files encrypted by the MOLE66 Ransomware are easy to recognize because the MOLE66 Ransomware marks them by adding the file extension '.MOLE66' to the end of each affected file's name. The files encrypted by its attack show up in Windows Explorer as blank files and can no longer be opened by the victim's applications.

How the MOLE66 Ransomware Demands Its Ransom Payment

Attacks like the MOLE66 Ransomware function by threatening computer users with the permanent loss of their files, via a ransom note delivered to the victim's computer. The MOLE66 Ransomware's ransom note takes the form of a text file named '_HELP_INSTRUCTIONS_.TXT,' dropped onto the affected computer's desktop. The following is the content of the MOLE66 Ransomware ransom note:

'!!!All your files are encrypted!!!
What to decipher write on mail alpha2018a@aol[.]com
Do not move or delete files!!!!
---- Your ID: [37 RANDOM CHARACTERS] ----
!!! You have 3 days otherwise you will lose all your data.!!!'

The MOLE66 Ransomware is associated with several email accounts apart from the one included in the MOLE66 Ransomware ransom note. The victims of the MOLE66 Ransomware attack will be asked to pay hundreds or even thousands of dollars to a Bitcoin wallet address in exchange for the decryption key. However, this is not the course of action recommended by PC security analysts, because the people responsible for these attacks, in most cases, will not help the victims recover their files even if the ransom is paid.
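As an added example (not part of the original entry), the following Python script collects the two on-disk indicators the entry describes, the '.MOLE66' extension appended to encrypted files and the '_HELP_INSTRUCTIONS_.TXT' note, over a constructed sample directory, tallies which original file types were hit, and extracts the contact address and victim ID from a note for incident triage. The directory layout, file names and the ID value are constructed placeholders, not data from a real infection.

```python
import os
import re
import tempfile
from collections import Counter

MOLE66_EXT = ".MOLE66"                   # extension appended to every encrypted file
RANSOM_NOTE = "_HELP_INSTRUCTIONS_.TXT"  # note dropped on the desktop
MAIL_RE = re.compile(r"write on mail\s+(\S+)")
ID_RE = re.compile(r"Your ID:\s*(.+?)\s*----")  # the entry describes the ID as 37 random characters

def scan_for_mole66(root):
    """Walk a tree; return encrypted files, ransom notes, and a tally of original extensions."""
    encrypted, notes, original_ext = [], [], Counter()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.upper() == RANSOM_NOTE:
                notes.append(path)
            elif name.endswith(MOLE66_EXT):
                encrypted.append(path)
                # 'report.docx.MOLE66' -> '.docx': shows what kind of data the threat reached
                stem = name[:-len(MOLE66_EXT)]
                original_ext[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "original_ext": original_ext}

def parse_ransom_note(text):
    """Pull the contact address and victim ID out of a note for incident triage."""
    mail, vid = MAIL_RE.search(text), ID_RE.search(text)
    return {"contact": mail.group(1) if mail else None, "victim_id": vid.group(1) if vid else None}

def build_sample_tree():
    """Constructed sample tree (placeholder bytes, not real malware output)."""
    root = tempfile.mkdtemp(prefix="mole66_demo_")
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("Documents/report.docx.MOLE66", "Documents/photo.jpg.MOLE66", "notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\x00" * 16)
    note = ("!!!All your files are encrypted!!!\nWhat to decipher write on mail alpha2018a@aol[.]com\n"
            "---- Your ID: PLACEHOLDER_ID_NOT_A_REAL_VALUE ----\n")  # ID is a labelled placeholder
    with open(os.path.join(root, RANSOM_NOTE), "w") as fh:
        fh.write(note)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    result = scan_for_mole66(root)
    print(len(result["encrypted"]), "encrypted file(s), original extensions:", dict(result["original_ext"]))
    print(parse_ransom_note(open(os.path.join(root, RANSOM_NOTE)).read()))
```

Running the same scan across user profile directories and network shares gives a quick picture of how far the encryption spread before restoring from backup.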

Protecting Your Data from Threats Like the MOLE66 Ransomware

The best protection against ransomware Trojans like the MOLE66 Ransomware is to have the ability to restore your files in case they are encrypted. Unfortunately, the encryption used by these attacks is quite strong, and the files encrypted by the MOLE66 Ransomware and similar threats are not recoverable with current technology. This is why computer users must keep file backups in places unreachable by the threat, so that the files encrypted by threats like the MOLE66 Ransomware can simply be deleted and replaced with a backup copy. Apart from file backups, computer users are advised to install a strong, fully up-to-date security program to intercept these infections before they cause damage.
