
Mpag Ransomware

Cybersecurity researchers have found another powerful ransomware variant belonging to the STOP/Djvu malware family. The threat is tracked as the Mpag Ransomware and can cause significant damage to the computers it infects. Like most ransomware threats, Mpag is equipped with encryption capabilities that leave vast amounts of the victim's data in an unusable state. In essence, affected users will no longer be able to open their documents, photos, archives, databases, PDFs and other commonly used files.

Each encrypted file has its name modified, as the threat appends '.mpag' to the original file name. The Mpag Ransomware also creates a text file named '_readme.txt'. This file carries a ransom note with instructions from the threat actors responsible for spreading the malware.

Ransom Note's Details

Generally, the ransom-demanding message dropped by the Mpag Ransomware closely resembles the ransom notes of other STOP/Djvu variants. The operators of the Mpag Ransomware do not reveal the exact amount of the ransom they demand. However, they have kept the usual offer associated with this ransomware family: users who initiate communication within the first 72 hours will get a 50% discount on the demanded price. Affected users can also send a single encrypted file to be unlocked for free. The ransom note contains two email addresses that can be used for this purpose. The main email appears to be 'helpmanager@mail.ch', while 'helpdatarestore@firemail.cc' is designated as a reserve address.

The full text of the hacker's instructions is:

'ALL YOUR FILES ARE ENCRYPTED

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Discount 50% available if you contact us first 72 hours.

To get this software you need write on our e-mail:
helpmanager@mail.ch

Reserve e-mail address to contact us:
helpdatarestore@firemail.cc

Your personal ID:'
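The indicators described in this entry (the appended '.mpag' suffix, the '_readme.txt' note and the contact addresses inside it) are enough for a first-pass triage scan of a file share or disk image. The Python below is an added example, not part of the original entry; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators stated in this entry.
SUFFIX = ".mpag"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("ALL YOUR FILES ARE ENCRYPTED",
                "helpmanager@mail.ch", "helpdatarestore@firemail.cc")

def note_markers_in(path, max_chars=65536):
    """Return the known note markers found in the first max_chars of path."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(max_chars).lower()
    except OSError:
        return []
    return [m for m in NOTE_MARKERS if m.lower() in text]

def scan_tree(root):
    """Walk root; list renamed files, matching notes, and unrelated readmes."""
    report = {"encrypted": [], "notes": [], "other_readme": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(SUFFIX):
                # Original name is whatever precedes the appended suffix.
                report["encrypted"].append((full, name[:-len(SUFFIX)]))
            elif name.lower() == NOTE_NAME:
                hits = note_markers_in(full)
                report["notes" if hits else "other_readme"].append((full, hits))
    return report

def build_sample_tree(root):
    """Constructed sample: empty placeholder files, no real malware artifacts."""
    docs = os.path.join(root, "docs")
    tools = os.path.join(root, "tools")
    os.makedirs(docs)
    os.makedirs(tools)
    for rel in ("docs/report.docx.mpag", "docs/photo.jpg.mpag", "tools/app.cfg"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("ALL YOUR FILES ARE ENCRYPTED\n...\nhelpmanager@mail.ch\n")
    with open(os.path.join(tools, NOTE_NAME), "w") as fh:
        fh.write("Build instructions for the tool.\n")  # unrelated file, same name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, items in scan_tree(tmp).items():
            print(kind, len(items))
```

Checking the note's contents rather than its name alone keeps ordinary files that happen to be called '_readme.txt' out of the alert list.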
