By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: May 18, 2022
Last Seen: August 30, 2022
OS(es) Affected: Windows

The RansomMine Ransomware is an encryption ransomware Trojan that was first observed on December 2, 2017. It is one of the many currently active variants of HiddenTear, an open source ransomware platform that has been around since August 2015 and has been responsible for the appearance of countless variants. HiddenTear's code is freely available on the Dark Web, allowing cybercrooks to create clones of HiddenTear easily. The RansomMine Ransomware is designed to target computer users in Korea, although there is nothing to stop it from spreading to computer users outside of this region.

The Consequences of a RansomMine Ransomware Infection

The RansomMine Ransomware uses a combination of RSA and AES encryption to make the victim's files inaccessible. It encrypts media files and a wide variety of document formats in its attack, as well as numerous other user-generated files. The RansomMine Ransomware marks each file it encrypts by adding the file extension 'RansomMine' to the end of the file's name. Once a file is encrypted, it is inaccessible and shows up with a blank icon on the Windows operating system. The RansomMine Ransomware seems to have been created as a prank or a way to harass computer users rather than to generate illicit revenue. Its ransom note states that the victim's files will be decrypted after the victim plays version 1.11.2 of Minecraft (a popular PC game) for one hour. The ransom note is delivered in Korean and reads as follows:

답스외 파일이 모두 암호화되었습니다.
1. 이게 무슨 소리야?
당신외 동영상, 사진, 문서, 등이 암호화가 되었습니다. 이 프로그램은 갑력한 알고리즘을 사용함으로 이 프로그램이 없으면 복구할수 없습니다.
2. 그럼 어떻게 히I야합니까?
아주간단합니다. 마인크래프트를 1시간이상욺 플레이해야합니다.(단 1.11.2버전으로해야하며 그니다). 그러면 자동으로 복호화틀 진 합니다.
그리고 목호화키는 고정이니 련선웨어처럼 꺼도 복구가 8가능하는 것은 아닙니다!
[암호화된 파일 리스르]
마인크래프트가 실행도이 있지 않음
'프로그은오직 장난용으로만뚤었으며 이 프로그임을다른사&01게 사용체서 발생한문제들은책임지지 않'

The above text, translated into English, reads:

All external files are encrypted.
1. What is this?
Your videos, photos, documents, etc. have been encrypted. This program uses a secure algorithm and data can't be recovered without this program.
2. What do I do?
It is very simple. You must play Minecraft for at least 1 hour (but only version 1.11.2) and it will automatically decode.
And the static key is fixed, but it does not mean that it can be recovered even if it is removed like a hardware component!
-Santa l-
MineCraft does not run
'The program is only for jokes and it is not designed to cause any problems that occur with other programs.'

Although computer users can recover their files from a backup copy, it seems that the RansomMine Ransomware does monitor the infected computer's processes to ascertain whether Minecraft 1.11.2 was played for the required amount of time.
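Restoring from backup starts with knowing which files carry the 'RansomMine' marker and which of them have a clean copy. The following is an added example, not part of the original article: it assumes the marker is appended as a dot-separated suffix, and the directory layout and file names are constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".ransommine"  # assumption: appended as a dot suffix; matched case-insensitively

def inventory(root):
    """Return sorted (relative encrypted path, relative original path) pairs under root."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                rel = (Path(dirpath) / name).relative_to(root)
                hits.append((rel, rel.with_name(name[:-len(MARKER)])))
    return sorted(hits)

def by_original_type(hits):
    """Count affected files per original extension, to size the restore job."""
    return Counter(orig.suffix.lower() or "(none)" for _enc, orig in hits)

def missing_from_backup(hits, backup_root):
    """Original paths that have no same-path copy under backup_root."""
    return [orig for _enc, orig in hits if not (Path(backup_root) / orig).is_file()]

def demo():
    """Run the inventory over a constructed tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/report.docx.RansomMine", "docs/notes.txt",
                    "pics/cat.jpg.ransommine", "pics/dog.jpg.RansomMine"):
            p = live / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        for rel in ("docs/report.docx", "pics/cat.jpg"):
            p = backup / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed backup copy")
        hits = inventory(live)
        return hits, by_original_type(hits), missing_from_backup(hits, backup)

if __name__ == "__main__":
    hits, types, missing = demo()
    print(len(hits), "marked files;", dict(types))
    print("not in backup:", [str(m) for m in missing])
```

Point `inventory` at a mounted copy of the affected volume rather than the live system, so the scan does not alter timestamps that may matter later.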


