
'.Mercury File Extension' Ransomware

Posted: December 11, 2018

The '.Mercury File Extension' Ransomware is a file-locker Trojan that can make your media, such as documents, unopenable by encrypting them with an unknown algorithm. Attack reports suggest that this Trojan's campaign is focusing on Asian countries and might be using social engineering exploits, such as custom e-mail links, that are appropriate for that region. Anti-malware tools can assist with deleting the '.Mercury File Extension' Ransomware safely at any point, while backup strategies can keep your files out of danger.

A Planetary Problem in Sight for Asia

Residents of Japan and China are submitting reports of attacks by a new file-locker Trojan with no immediate resemblance to a thoroughly examined family like EDA2 or the Scarab Ransomware. An unusual part of the payload of this threat, the '.Mercury File Extension' Ransomware, is its choice of data for locking, which doesn't limit itself to simple pictures, documents and other media. While the different encryption setup of the '.Mercury File Extension' Ransomware may be coincidental, it also might indicate the Trojan's intention of denying the user's access to features and applications on a broad basis.

Another characteristic that malware experts find noteworthy is the '.Mercury File Extension' Ransomware's cross-OS compatibility. It can be executed on both Windows and Mac systems, which is a rare feature among file-locking Trojans. Once it's system-persistent, the '.Mercury File Extension' Ransomware encrypts not just media like documents and images but also script-based BAT files. Another, more technical addition is the static marker that the Trojan injects into the encrypted data.

The '.Mercury File Extension' Ransomware's name references the extension that it adds to the filenames of what it locks. Another symptom is the depositing of a Notepad message, which is in poorly translated English. This ransoming message is customized to the '.Mercury File Extension' Ransomware's campaign but, in most respects, is similar to those of a RaaS family like the Globe Ransomware, and gives the user e-mail addresses and IDs for negotiating over the unlocking solution.

Taking Your Computer Out of the '.Mercury File Extension' Ransomware's Orbit

Exploit kits that use zero-day vulnerabilities or ones that the victims have yet to patch, torrent file-sharing networks, malvertising, spam e-mails, and brute-force attacks are some of the methods that threat actors use for dropping file-locker Trojans. Although malware analysts can't verify any single one of these attacks as being part of the '.Mercury File Extension' Ransomware's campaign, it's likely that one or more of them are in use. Updating software, disabling vulnerable features while browsing the Web, using secure credentials, and scanning all downloads are possible defenses against the '.Mercury File Extension' Ransomware.

The encryption method that the '.Mercury File Extension' Ransomware uses isn't known, although victims may help with further research by giving samples to appropriate cyber-security researchers. Users shouldn't assume that all file-locking attacks are curable; many encryptions are permanent without the threat actor's help. Accordingly, removing the '.Mercury File Extension' Ransomware as soon as possible with an anti-malware service and having a backup to fall back on are the foundations of any recovery solution.

The '.Mercury File Extension' Ransomware may be keeping its attacks on Asia, as of early December, but this statistical trend may change at any time. Keeping your digital media safeguarded is the concern of virtually everyone with an Internet connection and any work that's worth saving.
