
Mailto Ransomware

Posted: November 7, 2019

The Mailto Ransomware is a file-locking Trojan and a variant of the Kazkavkovkiz Ransomware. Attacks by this threat will block files on your computer, change their extensions, and leave ransom notes for extorting money. Users should ignore ransom demands, have backups prepared for recovery, and let their anti-malware services remove the Mailto Ransomware.

A Slight Changeup in a Small Trojan's Campaign

The threatening software industry isn't very different from legal businesses when it comes to the need for evolving with the times. Accordingly, both single Trojans with file-locking attacks and Ransomware-as-a-Service families find themselves getting updated very regularly. The Mailto Ransomware is a good example of the ever-changing nature of such threats, being a new build of the Kazkavkovkiz Ransomware with just slightly different symptoms.

The Mailto Ransomware is a 32-bit program for Windows that uses the familiar tactic of AES encryption for locking content, just like its ancestor, the Kazkavkovkiz Ransomware. The filename makeover, which the Kazkavkovkiz Ransomware also performs, uses a format that isn't remarkably different from that of the average Ransomware-as-a-Service or RaaS family. The feature uses compound strings: the 'mailto' name, a bracketed e-mail address, and a set of random characters. Earlier versions of the Trojan used a four-character sequence for the latter, but the Mailto Ransomware uses five, instead.
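As an added defender-side example (not code from the article or from the Trojan), the following script parses a directory listing for the compound extension described above and flags a likely encryption event when several files share the same e-mail and tag. The exact delimiter layout (`name.mailto[e-mail].tag`) and the sample filenames are assumptions constructed for the example.

```python
import re
from collections import Counter

# Assumed layout of a renamed file (constructed from the article's description;
# the exact delimiters are an assumption): <original name>.mailto[<e-mail>].<4-5 random chars>
MAILTO_PATTERN = re.compile(
    r"^(?P<original>.+?)\.mailto\[(?P<email>[^\]]+@[^\]]+)\]\.(?P<tag>[A-Za-z0-9]{4,5})$"
)


def parse_mailto_name(filename: str):
    """Return (original name, e-mail, tag, build) for a matching filename, else None.
    A four-character tag is labelled as the earlier build, five characters as Mailto."""
    m = MAILTO_PATTERN.match(filename)
    if not m:
        return None
    tag = m.group("tag")
    build = "5-char (Mailto)" if len(tag) == 5 else "4-char (earlier build)"
    return m.group("original"), m.group("email"), tag, build


def scan_listing(filenames, threshold=3):
    """Summarise a listing: count renamed files per (e-mail, tag) pair and raise an
    alert when any pair reaches the threshold, i.e. a batch rename is under way."""
    hits = [r for r in (parse_mailto_name(f) for f in filenames) if r]
    by_key = Counter((email, tag) for _, email, tag, _ in hits)
    return {
        "renamed": len(hits),
        "by_key": dict(by_key),
        "alert": any(n >= threshold for n in by_key.values()),
    }


# Constructed sample listing; the e-mail address and tags are placeholders, not real indicators
SAMPLE_LISTING = [
    "budget.xlsx.mailto[attacker@example.invalid].a1b2c",
    "photo.jpg.mailto[attacker@example.invalid].a1b2c",
    "notes.docx.mailto[attacker@example.invalid].a1b2c",
    "readme.txt",
    "old.pdf.mailto[other@example.invalid].z9y8",
]

if __name__ == "__main__":
    print(scan_listing(SAMPLE_LISTING))
```

The same check can be run from a file-integrity or EDR pipeline on newly created filenames, with the threshold tuned to the environment.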

The Mailto Ransomware also retains its predecessor's template for a ransom note, which it drops as a Notepad text file. Differences include newly-updated e-mails, IDs, and references to the extensions. Malware experts still recommend against paying any demanded ransoms, if possible, although information on the amount or currency remains sparse. Most threat actors insist on non-refundable payments and, therefore, have limited motivation for keeping their word.

Taking the Urgency Out of Criminal Mail

The Mailto Ransomware uses process injection to compromise other programs' memory and run without observation. In theory, it also includes a cleanup routine that uninstalls itself. Users shouldn't bet on this feature working, however, and Trojans with file-locking payloads may arrive in the company of additional threats. Previous examples of note include Mimikatz, a spyware product that's capable of collecting passwords, and other programs amenable to compromising networks.

Neither the Mailto Ransomware nor the Kazkavkovkiz Ransomware has public decryption options at this time. Users who can't recover from backups, as malware experts always recommend, can provide samples to established PC security researchers for probing for any potential unlocking solutions. The Mailto Ransomware's most likely digital 'victims' include pictures, documents and most other kinds of media.

The Mailto Ransomware is one character away from the Kazkavkovkiz Ransomware but, more tellingly, a sign of renewed enthusiasm from the threat actors deploying it. Negotiating with criminals over one's files is a situation that everyone should avoid by using daily safety practices to counter daily Trojan updates.
