Myskle Ransomware

Cybersecurity researchers have come across a new data-encrypting Troja recently. This threat was given the name Myskle Ransomware. It is likely that this new ransomware threat is a variant of the well-established STOP Ransomware.

It is not yet clear what infection vector is employed by the cyber crooks responsible for the Myskle Ransomware, but malware experts believe that this file-locking Trojan may be propagated via spam emails containing infected attachments, bogus software updates and corrupted pirated content. Once the Myskle Ransomware penetrates a system successfully, it begins the attack with a scan. The idea behind the scan is to locate the files, which are targeted for encryption. After completing the scan and locating the desired files, the Myskle Ransomware would begin encrypting them. This threat adds an extension at the end of the name of the newly locked files – ‘.myskle.’ This means that when the Myskle Ransomware encrypts a file, which was named ‘golden-watch.mp3’ originally, it changes its name to ‘golden-watch.mp3.myskle.’ When this step of the attack is completed, the Myskle Ransomware will drop a ransom note.

Since it is speculated that the Myskle Ransomware belongs to the STOP Ransomware family, it is likely that this threat follows the pattern of most STOP Ransomware variants and its ransom note is likely called ‘_readme.txt.’ It is believed that the email, which the attackers provide their victims with is ‘gorentos@bitmessage.ch’ as this has been a reoccurring pattern in the STOP Ransomware family.

We advise you strongly to avoid contact with cybercriminals like the creators of the Myskle Ransomware. Instead, you should obtain a legitimate anti-virus suite, which would keep your system safe.