Mole66 Ransomware

What is Mole66 Ransomware?

A new variant of the Mole Ransomware has emerged, and it is called Mole66 Ransomware. The name coincides with the extension that is attached to the files that this infection encrypts. Unfortunately, it also encrypts the names of these files, which might make it impossible for you to figure out what was corrupted. When you are faced with claims that your files were corrupted, the first thing you need to do is check whether they were in fact corrupted, because many infections only pose as encryptors. The threat we are discussing in this report, however, definitely can corrupt your personal files, which might include photos and text documents. At the time of research, a free decryptor that could help you recover these files did not exist, but analysts are hopeful that one could be created in the future because other threats from the same group – including Mole03 Ransomware and Mole02 Ransomware – had decryptors. Right now, the only thing you can do is delete Mole66 Ransomware, and that is very important.

How does Mole66 Ransomware work?

You are unlikely to realize when Mole66 Ransomware enters your operating system because this threat can conceal itself and use disguises to slither in. For example, the launcher of this infection could be disguised as a harmless file, and it could be sent to you in a misleading spam email. You need to stay away from spam emails, and you need to patch all existing security vulnerabilities if you want to ensure that malware does not stand a chance of slithering in. If Mole66 Ransomware gets in, it immediately produces a copy of itself, which can help the infection remain present on your operating system even if you delete the original launcher file. According to our research team, the copy file has a PoE (point of execution) in the Windows Registry as well. Once in place, the infection can delete shadow volume copies so that the victim cannot restore the operating system and recover the corrupted files. The only other file that is created by the infection is _HELP_INSTRUCTIONS_.TXT, and you should find copies of this file in all folders containing corrupted files. Eventually, you will need to erase all of them.

Although Mole66 Ransomware does not encrypt the files that are stored in the %WINDIR%, %PROGRAMFILES%, and %PROGRAMFILES(x86)% directories, it can encrypt the most personal files, and that is why some victims are likely to pay attention to the information that is presented in _HELP_INSTRUCTIONS_.TXT. According to the ransom note, if you send the presented ID numbers to, you will be able to recover your personal data. That is just a trick to make you communicate with cyber criminals, who will then demand that you pay a ransom. Even if you are promised full decryption of personal files, you must know better than to trust cyber criminals blindly. After all, they have proven how little regard they have for your virtual security, and so it is naive to expect them to help you out. If you do not want to lose your money for no reason, we suggest thinking carefully about whether fulfilling the demands of the creator of Mole66 Ransomware is the right way to go. Maybe you should focus on removing this malware instead.

How to delete Mole66 Ransomware

If you remove Mole66 Ransomware, your files will not be restored. You need a decryption key for that, and it is unlikely that you can obtain it because cyber criminals are the ones who have it. Although they might promise to give you the decryptor after you pay the ransom, it is too risky to put your money on the line. As mentioned earlier, it is possible that a free decryptor will be released in the future, but we cannot promise that. Therefore, right now, we suggest focusing on the removal of Mole66 Ransomware. When you eliminate this threat and scan the operating system to check if other threats exist (if they do, you must delete them), you can place the corrupted files in one folder for safekeeping. When it comes to removal, using anti-malware software is recommended because it can also protect the system, but some users might be able to get rid of the threat manually using the instructions below.

Removal Instructions

  1. Right-click the {unknown launcher name}.exe file (its location is random).
  2. Simultaneously tap Win+E to launch Explorer.
  3. Enter %ALLUSERSPROFILE% into the bar at the top.
  4. Right-click and Delete the copy file, {random name}.exe.
  5. Simultaneously tap Win+R keys to launch RUN.
  6. Type regedit.exe into the dialog box and click OK to access Registry Editor.
  7. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  8. Right-click and Delete the malicious {random name} value that represents the ransomware.
  9. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and then follow step 8.
  10. Right-click and Delete the file named _HELP_INSTRUCTIONS_.TXT (delete all copies).
  11. Empty Recycle Bin to eliminate the malicious components.
  12. Install a trusted malware scanner to check if you need to delete anything else.
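
The locations named in steps 3 to 10 can be listed in one read-only pass before anything is deleted. The PowerShell below is an added example, not part of the original instructions; the function name Get-Mole66Triage and the default scan root (the user profile) are assumptions made here.

```powershell
# Added example (not from the original page): read-only triage of the
# locations named in the removal steps. It reports and deletes nothing.
function Get-Mole66Triage {
    param(
        # Assumption: ransom notes are searched under the user profile only.
        [string]$ScanRoot = $env:USERPROFILE
    )
    $dropDir = $env:ALLUSERSPROFILE   # step 3: folder holding the copy file

    # Steps 7-9: list every value under HKCU RunOnce and Run.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($path in $runKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }          # key may not exist
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            [pscustomobject]@{
                Key       = $path
                Value     = $name
                Data      = $data
                # True when the command line points into %ALLUSERSPROFILE%
                InDropDir = $data.IndexOf($dropDir, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }
        }
    }

    # Step 4: executables sitting directly in %ALLUSERSPROFILE%.
    $exes = Get-ChildItem -Path $dropDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, CreationTime, Length

    # Step 10: every copy of the ransom note under the scan root.
    $notes = Get-ChildItem -Path $ScanRoot -Filter '_HELP_INSTRUCTIONS_.TXT' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName

    [pscustomobject]@{
        Autoruns    = @($autoruns)
        DroppedExes = @($exes)
        RansomNotes = @($notes)
    }
}

$report = Get-Mole66Triage
$report.Autoruns    | Sort-Object InDropDir -Descending | Format-Table -AutoSize -Wrap
$report.DroppedExes | Format-Table -AutoSize
"Ransom notes found: $($report.RansomNotes.Count)"
```

A value with InDropDir set to True is a candidate for review, not a verdict, because legitimate software also starts from %ALLUSERSPROFILE%. Pass -ScanRoot with another drive or folder to count ransom notes outside the user profile.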
