RansomMine Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 3 |
First Seen: | May 18, 2022 |
Last Seen: | August 30, 2022 |
OS(es) Affected: | Windows |
The RansomMine Ransomware is an encryption ransomware Trojan that was first observed on December 2, 2017. The RansomMine Ransomware is one of the many variants of HiddenTear that are active currently. HidenTear is an open source ransomware platform that has been around since August 2015 and has been responsible for the appearance of countless variants. HiddenTear's code is freely available on the Dark Web, allowing the cybercrooks to create clones of HiddenTear easily. The RansomMine Ransomware is just one of the countless variants of this ransomware threat. The RansomMine Ransomware is designed to target computer users in Korea, although there is nothing to stop the RansomMine Ransomware from spreading to computer users outside of this region.
The Consequences of a RansomMine Ransomware Infection
The RansomMine Ransomware uses a combination of the RSA and AES encryptions to make the victim's files inaccessible. The RansomMine Ransomware will encrypt media files and a wide variety of document formats in its attack, as well as numerous other user-generated files. The RansomMine Ransomware will mark the files encrypted by the attack by adding the file extension 'RansomMine' to the end of each affected file's name. Once the RansomMine Ransomware encrypts a file, it will be inaccessible and will show up as a blank icon on the Windows operating system. The RansomMine Ransomware seems to have been created as a prank or a way to harass computer users rather than generating illicit revenue. The RansomMine Ransomware's ransom note states that the victim's files will be decrypted after the victim plays Minecraft (a popular PC game) for one hour, on its version 1.11.2. The RansomMine Ransomware's ransom note is delivered in Korean and reads as follows:
'경고
답스외 파일이 모두 암호화되었습니다.
1. 이게 무슨 소리야?
당신외 동영상, 사진, 문서, 등이 암호화가 되었습니다. 이 프로그램은 갑력한 알고리즘을 사용함으로 이 프로그램이 없으면 복구할수 없습니다.
2. 그럼 어떻게 히I야합니까?
아주간단합니다. 마인크래프트를 1시간이상욺 플레이해야합니다.(단 1.11.2버전으로해야하며 그니다). 그러면 자동으로 복호화틀 진 합니다.
그리고 목호화키는 고정이니 련선웨어처럼 꺼도 복구가 8가능하는 것은 아닙니다!
[암호화된 파일 리스르]
-상타l-
마인크래프트가 실행도이 있지 않음
---
'프로그은오직 장난용으로만뚤었으며 이 프로그임을다른사&01게 사용체서 발생한문제들은책임지지 않'
The above text, translated into English, reads:
'warning
All external files are encrypted.
1. What is this?
Your videos, photos, documents, etc. have been encrypted. This program uses a secure algorithm and data can't be recovered without this program.
2. What do I do?
It is very simple. You must play Minecraft for at least 1 hour (but only version 1.11.2) and it will automatically decode.
And the static key is fixed, but it does not mean that it can be recovered even if it is removed like a hardware component!
-Santa l-
MineCraft does not run
---
The program is only for jokes and it is not for designed to cause any problems that occur with other programs.'
Although computer users can recover their files from a backup copy, it seems that the RansomMine Ransomware does monitor the infected computer's processes to ascertain whether Minecraft 1.11.2 was played for the required amount of time.