MrWhite Ransomware

Researchers have uncovered a new ransomware variant known as MrWhite. Upon execution, this threatening program encrypts files on the victim's system. It changes their filenames to include a unique ID assigned to the victim, the cyber criminals' email address and a '.MrWhite' extension. After encryption is complete, the MrWhite creates a ransom note in a text file called 'Dectryption-guide.txt.' The threat has been identified as belonging to the VoidCrypt Ransomware family.

The Demands In MrWhite Ransomware's Note

The MrWhite Ransomware victims are instructed to contact the attackers and make a ransom payment. Two email addresses are provided for this purpose - 'imsystemsavior@gmail.com' and 'backupsystemsavior@proton.me.' However, it should be noted that paying any amount of money to cybercriminals does not always guarantee data recovery. In fact, many victims have reported not receiving any decryption keys or software, despite meeting the attackers' demands.

To prevent further damage from the MrWhite Ransomware, it must be removed from the operating system. Unfortunately, removal will not restore already affected files; the only way to recover them is through a backup stored elsewhere if one was created prior to infection. Attempting to rename/modify encrypted data, using third-party decryption tools, or reinstalling the operating system can result in permanent data loss.

How to Protect Your Devices from Threats Like the MrWhite Ransomware?

As more of us transition to a fully digital world, protecting your devices and data against ransomware has become more critical than ever. Ransomware is one of the most common examples of threatening software, and it can be used to lock away your information until a ransom is paid.

Backing up important data should be part of everyone's routine—including both personal and professional data—in case any issue arises, like ransomware attacks or hardware malfunctions, etc. Make sure to store backups in multiple locations, such as an external hard drive, cloud storage or an online backup service provider.

In addition, ransomware often gets into your system by exploiting weaknesses in a computer's operating system or other software that you have installed on it. Keeping your system up-to-date with the latest patches and security updates will help close any loopholes that could be exploited by ransomware.

The ransom note delivered by the MrWhite Ransomware is:

'Your Files Are Has Been Locked

Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email

Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored

Get Decryption Tool + RSA Key AND Instruction For Decryption Process

Attention:

1- Do Not Rename or Modify The Files (You May loose That file)

2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )

3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files

Your Case ID :-

OUR Email :imsystemsavior@gmail.com
in Case of no answer: backupsystemsavior@proton.me'