'.Mercury File Extension' Ransomware

'.Mercury File Extension' Ransomware Description

The '.Mercury File Extension' Ransomware is a file-locker Trojan that can make your media, such as documents, unopenable by encrypting it with an unknown algorithm. Attack reports are suggesting that this Trojan's campaign is focusing on Asian countries and might be using social engineering exploits, such as custom e-mail links, that are appropriate for that region. The presence of anti-malware tools can assist with deleting the '.Mercury File Extension' Ransomware safely at any point while backup strategies can keep your files out of danger.

A Planetary Problem in Sight for Asia

Residents of Japan and China are submitting reports of attacks by a new file-locker Trojan with no immediate resemblance to a thoroughly-examined family like EDA2 or the Scarab Ransomware. An unusual part of the payload of this threat, the '.Mercury File Extension' Ransomware, is its choice of data for locking, which doesn't limit itself to simple pictures, documents and other media. While the different encryption setup of the '.Mercury File Extension' Ransomware may be coincidental, it also might indicate the Trojan's intention of denying the user's access to features and applications on a broad basis.

Another characteristic that malware experts find noteworthy is the '.Mercury File Extension' Ransomware's cross-OS compatibility. It can be executed on both Windows and Mac systems, which is a rare feature for most file-locking Trojans. Once it's system-persistent, the '.Mercury File Extension' Ransomware encrypts, not just media like documents and images, but also script-based BAT files. Another, more technical addition is that static marker that the Trojan injects into the encrypted data.

The '.Mercury File Extension' Ransomware's name references the extension that it adds into the filenames of what it locks. Another symptom is the depositing of a Notepad message, which is in poorly-translated English. This ransoming message is customized to the '.Mercury File Extension' Ransomware's campaign but, in most respects, is similar to those of a RaaS family like the Globe Ransomware, and gives the user e-mail addresses and IDs for negotiating over the unlocking solution.

Taking Your Computer Out of the '.Mercury File Extension' Ransomware's Orbit

Exploit kits that use zero-day vulnerabilities or ones that the victims have yet to patch, torrent file-sharing networks, malvertising, spam e-mails, and brute-force attacks are some of the methods that threat actors use for dropping file-locker Trojans. Although malware analysts can't verify any, single one of these attacks as being part of the '.Mercury File Extension' Ransomware's campaign, it's likely that one or more of them are in use. Updating software, disabling vulnerable features while browsing the Web, using secure credentials, and scanning all downloads are possible defenses against the '.Mercury File Extension' Ransomware.

The encryption method that the '.Mercury File Extension' Ransomware uses isn't known, although victims may help with further research by giving samples to appropriate cyber-security researchers. Users shouldn't assume that all file-locking attacks are curable; many encryptions are permanent, without the threat actor's help. Accordingly, removing the '.Mercury File Extension' Ransomware as soon as possible with an anti-malware service and having a backup to fall back onto are the foundations of any recovery solution.

The '.Mercury File Extension' Ransomware may be keeping its attacks on Asia, as of early December, but this statistical trend may change at any time. Keeping your digital media safeguarded is the concern of virtually everyone with an Internet connection and any work that's worth saving.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to '.Mercury File Extension' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: December 11, 2018
Home Malware Programs Ransomware '.Mercury File Extension' Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.