
Mich78 Ransomware

Posted: July 19, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 42
First Seen: July 19, 2017
Last Seen: February 19, 2023
OS(es) Affected: Windows

The Mich78 Ransomware is a Trojan that extorts money from its victims after locking their files with encryption. Although malware experts are still determining its overall family, if any exists, you may still protect your digital content by backing it up to a secondary drive or server for later restoration. Standardized anti-malware protection also may block the Mich78 Ransomware preemptively or, less ideally, disinfect your PC after the attack.

The Importance of Wording in Illicit Negotiations

Even Trojans without new features of any technical profundity can offer innovations in other ways, such as the psychologically manipulative techniques they use against the people they attack. The Mich78 Ransomware, a recently-detected threat whose campaign has just begun, is a case of the latter, and malware analysts are still outlining it. While sample analysis is inconclusive about the full nature of its payload, what is certain is that the Mich78 Ransomware tries to extort money from PC users by blocking their files and uses subtly deceptive arguments for doing so.

The Mich78 Ransomware may compromise a PC by pretending to be an attachment to an e-mail, such as an invoice, or install itself through the victim's Web browser, generally with the help of another threat like the RIG Exploit Kit. It follows this access with various attacks, three of which malware analysts have confirmed as working:

  • The Mich78 Ransomware scans for media and encrypts it in a range of formats, including documents, pictures or spreadsheets. The algorithm that the Mich78 Ransomware uses is unidentified; ciphers favored by threats of the same type include XOR, AES-128, and RSA.
  • The Mich78 Ransomware overwrites the name of every blocked file and, additionally, inserts an extension that displays the threat actor's e-mail address inside brackets.
  • To profit from the attack, the Mich78 Ransomware generates a text file asking the reader to contact that address and pay in Bitcoins for help with decrypting their content. Although elaborate and relatively informative, the Mich78 Ransomware's message goes to great lengths to avoid describing the above communications as extortion and even implies that seeking help elsewhere can leave the victim vulnerable to con artists. The threat actors apparently hope to convince readers that the transaction is proceeding through legal channels, although they don't use the name of a well-known organization like Microsoft.
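The two file-system artifacts described above, a bracketed e-mail address inserted into every renamed file's extension and a dropped text note that asks for Bitcoin payment, are enough for a simple triage check. The following script is an added example written for this page, not code from the original article or from any vendor: it walks a listing of paths, flags names carrying a bracketed e-mail address, and reports directories where several such files sit beside a note-like .txt. The e-mail address, file names and note text are constructed placeholders; the real Mich78 values are not given here.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Matches an extension segment holding a bracketed e-mail address,
# e.g. "report.docx.[name@host.tld]". The address is a placeholder;
# the actual Mich78 naming pattern is not documented on this page.
BRACKETED_EMAIL = re.compile(r"\.\[[^\[\]\s@]+@[^\[\]\s@]+\.[A-Za-z]{2,}\]")

# Terms the page says the ransom note relies on (decryption help, Bitcoin).
NOTE_KEYWORDS = ("decrypt", "bitcoin")


def is_renamed_victim(name: str) -> bool:
    """True when a file name carries a bracketed-e-mail extension."""
    return BRACKETED_EMAIL.search(name) is not None


def looks_like_ransom_note(name: str, text: str) -> bool:
    """A .txt whose body mentions both decryption and Bitcoin."""
    lowered = text.lower()
    return name.lower().endswith(".txt") and all(k in lowered for k in NOTE_KEYWORDS)


def triage(entries, threshold=3):
    """entries: iterable of (path, text_or_None). Returns, per directory holding
    at least `threshold` renamed files, the renamed names and any note files."""
    renamed = defaultdict(list)
    notes = defaultdict(list)
    for path, text in entries:
        p = PurePosixPath(path)
        if is_renamed_victim(p.name):
            renamed[str(p.parent)].append(p.name)
        elif text is not None and looks_like_ransom_note(p.name, text):
            notes[str(p.parent)].append(p.name)
    return {
        d: {"renamed": sorted(files), "notes": sorted(notes.get(d, []))}
        for d, files in renamed.items()
        if len(files) >= threshold
    }


# Constructed sample listing for demonstration (not real Mich78 artifacts).
SAMPLE = [
    ("/home/user/docs/budget.xlsx.[pay@example.invalid]", None),
    ("/home/user/docs/photo.jpg.[pay@example.invalid]", None),
    ("/home/user/docs/thesis.docx.[pay@example.invalid]", None),
    ("/home/user/docs/HOW_TO_RESTORE.txt", "To decrypt your files contact us and pay in Bitcoin."),
    ("/home/user/docs/notes.txt", "Groceries: milk, eggs"),
    ("/home/user/music/song.mp3", None),
]

if __name__ == "__main__":
    for d, f in triage(SAMPLE).items():
        print(d, len(f["renamed"]), "renamed files; notes:", f["notes"])
```

The threshold keeps a single oddly named file from raising an alert; on a real host you would feed it `os.walk` output and read only small .txt files for the note check.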

Giving a Trojan's Word the Disrespect It Deserves

Anyone taking the Mich78 Ransomware's words at face value should note that its preferred payment option, Bitcoins, can be accepted by a con artist without any possibility of refund protection for the 'buyer.' The Mich78 Ransomware's author does offer a limited trial of his decryption service, although malware experts recommend trying free decryption programs before depending on a threat actor's help. Data recovery also is always (and, sometimes, only) possible through a remotely-saved backup.

Known Mich78 Ransomware infections are few, and malware analysts are unable to verify its mode of circulation. A majority of file-encrypting attacks use e-mail spam, browser vulnerabilities or brute-force attacks. Diligent password management, cautious Web-browsing settings, and anti-malware scans of all downloads can eliminate all of these infection vectors before any encryption happens. After the fact, always use dedicated anti-malware programs as the safest means of uninstalling the Mich78 Ransomware, which may be bundled with other threats.

For all the care and politeness with which the Mich78 Ransomware's author asks for money, these payments remain extremely risky for those who make them. Indirect and misleading language is a frequent prelude to a hoax, and the Mich78 Ransomware's ransom note exemplifies the fact.
