Mircop Ransomware
Posted: June 28, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 57 |
| First Seen: | June 27, 2016 |
| OS(es) Affected: | Windows |
The Mircop Ransomware is a combined file encryptor and spyware program that encrypts your data to hold it for ransom and also collects information from your PC. Unlike similar threats, the Mircop Ransomware claims that its actions are justified by the user's prior theft of Bitcoin funds, although its distribution doesn't seem to be targeting con artists. Malware experts continue to recommend non-ransom-based solutions to this Trojan and ones like it, which can protect your data and, if necessary, remove the Mircop Ransomware through safe procedures.
The Anonymous 'Cop' on Your Screen
Any threat campaign that requires some complicity from its victims may make use of any number of social engineering tactics. However, few threats take the Mircop Ransomware's unusual step of accusing victims of being con artists themselves. Other than that accusation, the Mircop Ransomware is a traditional file encrypting Trojan, with a handful of unique elements in how it attacks your PC.
Malware experts find the Mircop Ransomware using the same e-mail spam-based installation points as most threatening file encryptors, with the installer disguised as some form of official notification (such as a Thai customs form). The attachment is an actual document but uses embedded macros for installing the Mircop Ransomware. Windows disables these macros by default, so the PC user would have to re-enable them manually to be at risk.
The Mircop Ransomware consists of three components concealed within the TEMP folder, only two of which are responsible for encrypting your local data. The third file is a spyware component that collects credentials, including passwords and account login names, from your Web browsers. The other two files encrypt the contents of specific folders, after which the Mircop Ransomware loads a ransom note. This image-based message contains the Mircop Ransomware's most unusual trait: an accusation that you've stolen 48.48 Bitcoins and must return them to receive a decryptor for your computer's files.
Giving a Real Thief the Reward He Deserves
As far as the rest of the file encryption Trojan 'industry' is concerned, the Mircop Ransomware isn't a technical achievement. However, malware experts rate the Mircop Ransomware as somewhat worthy of examination for its unusual social engineering methodology, its inclusion of spyware features, and its atypical encryption format. While most Trojans make changes to the names of each encrypted file, the Mircop Ransomware instead adds the 'Lock.' prefix to each affected folder. In any case, the practical result, users being unable to access their encrypted data, remains identical.
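The 'Lock.' prefix described above gives responders a quick way to scope which parts of a disk need restoring from backup. The following triage sketch is an added example, not code from the original article or from any vendor tool; the function names and the sample tree are constructed for illustration, and it matches files as well as folders as an assumption, so that no prefixed entry is missed.

```python
import os
import tempfile
from collections import Counter

PREFIX = "Lock."  # prefix the article reports on affected folders

def find_locked(root, prefix=PREFIX):
    """Return sorted (kind, path, name_without_prefix) for prefixed entries."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for kind, names in (("dir", dirnames), ("file", filenames)):
            for name in names:
                # Require something after the prefix, so "Lock." alone is ignored.
                if name.startswith(prefix) and len(name) > len(prefix):
                    hits.append((kind, os.path.join(dirpath, name), name[len(prefix):]))
    return sorted(hits)

def summarize(root, hits):
    """Count hits per top-level entry under root, to show what needs restoring."""
    counts = Counter()
    for _kind, path, _orig in hits:
        rel = os.path.relpath(path, root)
        counts[rel.split(os.sep)[0]] += 1
    return dict(counts)

def build_sample_tree():
    """Constructed sample tree (not real victim data) so the script runs offline."""
    root = tempfile.mkdtemp(prefix="mircop_triage_")
    for d in ("Documents/Lock.Invoices", "Documents/Reports",
              "Pictures/Lock.Holiday", "Locksmith"):
        os.makedirs(os.path.join(root, *d.split("/")))
    for f in ("Documents/Lock.Invoices/q1.xlsx",
              "Documents/Reports/Lock.summary.docx",
              "Documents/Reports/notes.txt"):
        open(os.path.join(root, *f.split("/")), "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    hits = find_locked(root)
    for kind, path, orig in hits:
        print(f"{kind:4} {path}  (name without prefix: {orig})")
    print(summarize(root, hits))
```

Run it read-only against a mounted image or a copy of the affected volume, and compare the reported paths with the backup catalogue before restoring.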
Another trait of the Mircop Ransomware that has drawn news coverage is the size of its ransom. Asking for over thirty-one thousand dollars in Bitcoin currency makes it seem as though the Mircop Ransomware's con artists are either unaware of the market value of Bitcoin or are targeting extremely wealthy victims. However, PC operators with access to sufficiently valuable data should already be taking steps to protect their content with remote backups, which would be unaffected by the Mircop Ransomware's localized attacks.
If allowed to scan the infected PC, your anti-malware products should detect and delete the Mircop Ransomware's three primary components. However, disinfecting a PC does not decrypt your data or retrieve any information collected by this threat. Passwords and similarly crucial security information should be changed or otherwise re-secured by any means necessary.
Unsurprisingly, no transactions for paying the Mircop Ransomware's overly-generous fee have so far been recorded.