
Mike Ransomware

Posted: October 10, 2019

The Mike Ransomware is a file-locking Trojan that is a possible variant of the HildaCrypt Ransomware. Although many aspects of this Trojan, including its ransom note, resemble the attacks of the STOP Ransomware family, it uses a different encryption method. Users should still keep backups ready for restoring any blocked content, as well as anti-malware services for removing the Mike Ransomware from the computer.

An Odd Copy-Paste Job, or a Trojan Family's Turnover

While large-scale changes in Ransomware-as-a-Service families aren't highly frequent, when they do occur, they're events worthy of notice. One such example is STOP Ransomware, which received significant updates for re-securing its cryptography after old database leaks, as well as recently-enacted, strict version control. Now, it might be taking another step in its development, with the unassuming name of Mike Ransomware.

The Mike Ransomware isn't a valid variant of the STOP Ransomware, since its encryption, file-marking behaviors, and other functions are very different from that family's. However, it still uses encryption for locking files, appends an extension onto them ('mike,' in this instance), and leaves text ransom notes. Malware experts note some similarities between the Mike Ransomware and the HildaCrypt Ransomware, which might indicate that the former is a remix or successor of the latter.

The truly odd-fitting piece of the Mike Ransomware puzzle is its TXT ransom note. Although it's far from strange for a file-locking Trojan to copy an instructions template from another family, the Mike Ransomware also includes the same, traditional Bitmessage and e-mail addresses as the STOP Ransomware's members. Such a failure to update the negotiating channels can be an oversight by the threat actor. Or it can be the first sign that the STOP Ransomware is nearing retirement, in favor of the Mike Ransomware and the HildaCrypt Ransomware releases.

Keeping the Trojan Evolutionary Process Well Away from Your Files

While there are two possible answers to the mystery of the Mike Ransomware's payload, this Windows Trojan also harbors some unique details that can be of interest, regardless of its RaaS business connections or the lack of them. It includes a 'failsafe' function for deleting files that it fails to encrypt as intended. It also is .NET Framework-based, unlike the STOP Ransomware. Also, unlike that family, it dispenses with any Command & Control communications, which reduces its infrastructural overhead noticeably.
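The behaviors described above (the appended 'mike' extension, the dropped TXT note, and the failsafe that deletes files it fails to encrypt) give responders a way to scope an incident from file inventories alone. The following is an added triage example, not code from the original post or from any sample; it assumes a pre-incident inventory and a post-incident listing are available as path lists, and the file names in it are constructed.

```python
# Scope a suspected Mike Ransomware incident by comparing a pre-incident file
# inventory with a post-incident listing. Behaviors modeled from the write-up:
#   - encrypted files get the extension 'mike' appended to their name
#   - a TXT ransom note is dropped alongside the locked files
#   - files the Trojan fails to encrypt are deleted by its failsafe routine
ENCRYPTED_EXT = ".mike"


def triage(baseline, current):
    """Classify every baseline path by what happened to it.

    Returns a dict of sorted lists:
      'encrypted' - original path now exists only with the .mike suffix
      'deleted'   - original path is gone with no encrypted twin (consistent
                    with the failsafe deletion, so not recoverable by decryption)
      'intact'    - original path still present under its own name
      'notes'     - new TXT files that appeared after the incident
    """
    baseline, current = set(baseline), set(current)
    result = {"encrypted": [], "deleted": [], "intact": [], "notes": []}
    for path in sorted(baseline):
        if path + ENCRYPTED_EXT in current:
            result["encrypted"].append(path)
        elif path in current:
            result["intact"].append(path)
        else:
            result["deleted"].append(path)
    result["notes"] = sorted(
        p for p in current - baseline if p.lower().endswith(".txt")
    )
    return result


def summarize(result):
    """Counts per category, handy for a quick incident report line."""
    return {category: len(paths) for category, paths in result.items()}


# Constructed sample inventories (not real incident data).
BASELINE = [
    "/data/docs/budget.xlsx",
    "/data/docs/report.docx",
    "/data/docs/notes.txt",
    "/data/media/photo.jpg",
]
CURRENT = [
    "/data/docs/budget.xlsx.mike",
    "/data/docs/report.docx.mike",
    "/data/media/photo.jpg",
    "/data/docs/_readme.txt",  # constructed note name; the page gives none
]

if __name__ == "__main__":
    print(summarize(triage(BASELINE, CURRENT)))
```

Files in the 'deleted' bucket are the ones to restore from backup first, since no future decryptor will bring them back.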

Although the Mike Ransomware isn't very well-programmed or technically complicated, it performs the same tasks, and represents similar dangers, as other Trojans of its type. Users should back their work up to a secure location to preserve it from encryption attacks, which tend to be difficult or impossible to reverse. Although free decryptors are released occasionally, malware experts find no noteworthy weaknesses in the Mike Ransomware's cryptography that might lead to a solution soon.

Users also can protect themselves by disabling document or spreadsheet macros, deactivating RDP features, and avoiding illegal download sources. Most anti-malware programs also can catch and delete these threats and should remove the Mike Ransomware automatically when it's appropriate.

The Mike Ransomware is a more-than-typically-interesting sample of a Trojan whose code and note don't match each other. But then, looks can be deceiving, especially when underground software gets involved.
