Mimicry Ransomware

What is Mimicry Ransomware?

Mimicry Ransomware might not look like much of a dangerous threat until it unleashes its malicious spell upon your computer. Perhaps you can already tell from its name that this program has something to do with a ransom.

The point is that this infection holds your files “hostage” until you supposedly transfer the ransom fee. However, we would like to point out that paying the ransom does not guarantee this program would “release” your files. Hence, you should focus on removing Mimicry Ransomware from your system, and the idea of paying the ransom should not even cross your mind.

Where does Mimicry Ransomware come from?

Our research team has found that Mimicry Ransomware is a new version of Shiva Ransomware. In turn, Shiva Ransomware was based on the Hidden Tear Ransomware infection. Hidden Tear Ransomware is open-source ransomware, which means that its code is publicly available and anyone who obtains it can customize it into a new program. This is how Shiva Ransomware was developed, and how Mimicry Ransomware came into being, too.

It is very unfortunate that knowing the origins of the program does not help us much with decrypting the damaged files. If there is a public decryption tool available for Shiva Ransomware, you can try and see if it works on Mimicry Ransomware. However, the chances are that it won’t work at all. The decryption tools for these infections are often unique, and we can seldom use the same code for two different infections. Although we cannot use the same code to decrypt the affected files, it is still possible to avoid getting infected with Mimicry Ransomware if we know how to recognize the first alarming signs.

Ransomware programs usually get distributed via spam email attachments. The files you receive from unfamiliar senders may well infect your system with dangerous programs, so you should never open them without a second thought. Of course, for the most part, spam email gets filtered into the Junk folder, and you probably do not see 80% of the trash you receive. However, these days, some of the spam messages are really sophisticated, and they could get into your main inbox, too. These emails might look like online shopping invoices or financial reports, so sometimes users do not think twice before downloading these files because everything looks normal. Unfortunately, the moment they open those files, Mimicry Ransomware slithers into their systems.

What does Mimicry Ransomware do?

There is nothing unusual about the way Mimicry Ransomware behaves. It does everything you would expect a regular ransomware infection to do.

First, it scans the infected system looking for the files it can encrypt. A ransomware program very seldom encrypts every single file on the computer. Usually, ransomware infections skip system files because they still need your computer to run properly. Mimicry Ransomware does the same. The program will encrypt most of the files it can find in the %UserProfile% directory, and every encrypted file gets an additional extension appended to its filename. For instance, a dog.jpg filename would look like dog.jpg.good after the encryption. Aside from encrypting your files, the infection also drops a ransom note that says the following:

Your important files are now encrypted due to a security problem with your PC!
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.

As mentioned, contacting these criminals does not guarantee that they would really issue the decryption key. If anything, they might just collect the payment and make a run for it. Therefore, please ignore the ransom note, and simply remove Mimicry Ransomware from your computer.

How do I remove Mimicry Ransomware?

It is a lot easier to remove this infection than you might think. You just need to delete the file that launched the program. You may also have to remove the ransom note file. If you think that there are malicious files left on your system, you can always scan it with the SpyHunter free scanner. For more questions, please feel free to leave us a comment below.

Manual Mimicry Ransomware Removal

  1. Navigate to your Downloads folder.
  2. Locate the most recently downloaded files.
  3. Remove the said files.
  4. Delete the HOW_TO_RECOVER_FILES.txt ransom note.
  5. Run a full system scan with a security tool.
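
An added example (not part of the original article): a read-only Python inventory of the two indicators named above, the .good extension and the HOW_TO_RECOVER_FILES.txt note, showing which folders and original file types were affected. The function name scan_profile and the default of scanning %UserProfile% are choices made for this example.

```python
import os
import sys
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".good"                # extension the article says is appended
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.txt"  # note name from the removal steps


def scan_profile(root):
    """Walk root read-only; return encrypted files, ransom notes and summaries."""
    encrypted, notes = [], []
    by_folder, by_original_ext = Counter(), Counter()
    # os.walk skips folders it cannot read, so a locked directory does not stop the scan.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                notes.append(Path(dirpath) / name)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(Path(dirpath) / name)
                by_folder[dirpath] += 1
                # dog.jpg.good -> original name dog.jpg -> original extension .jpg
                original = name[: -len(ENCRYPTED_SUFFIX)]
                by_original_ext[Path(original).suffix.lower() or "(none)"] += 1
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "by_folder": by_folder,
        "by_original_ext": by_original_ext,
    }


def main():
    # Default to %UserProfile% on Windows, the home directory elsewhere.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("USERPROFILE", str(Path.home()))
    result = scan_profile(root)
    print(f"{len(result['encrypted'])} files ending in {ENCRYPTED_SUFFIX} under {root}")
    for ext, count in result["by_original_ext"].most_common():
        print(f"  {ext}: {count}")
    for folder, count in result["by_folder"].most_common(10):
        print(f"  {count:5d}  {folder}")
    for note in result["notes"]:
        print(f"ransom note: {note}")


if __name__ == "__main__":
    main()
```

The script only lists files; it does not delete or modify anything, so it can be run before and after the removal steps to compare results.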