
mirey@tutanota.com Ransomware

Posted: August 2, 2018

The mirey@tutanota.com Ransomware is a new version of the CryptConsole v3 Ransomware build of the CryptConsole Ransomware's family. The file-locking Trojan locks your non-essential files with encryption, changes their names, and creates Notepad ransom notes in several locations. Maintaining secure backups, regularly monitoring your network's logins and security settings, and having anti-malware programs for deleting the mirey@tutanota.com Ransomware on sight are the ideal defenses for countering this threat.

The Trojan Console that's Still Raking in Ill-Gotten Money

The CryptConsole Ransomware family was, at first, notable for nothing more than faking its file-locking attacks and stealing the Globe Ransomware's ransom note; by now, it is a much more independent and threatening collection of file-locking Trojans. New versions built from the CryptConsole v3 Ransomware baseline, like the mirey@tutanota.com Ransomware, include both new ransoming messages and real, data-blocking features. Malware researchers rate business networks and other vulnerable servers as the systems most at risk.

The mirey@tutanota.com Ransomware's family, much like the Matrix Ransomware, takes advantage of Remote Desktop features on vulnerable PCs after a threat actor brute-forces the login credentials. The mirey@tutanota.com Ransomware's main executable temporarily disguises itself as a Microsoft update file for the LAN while the remote attacker runs its file-locking routine. These attacks use what malware researchers rate as a secure encryption standard, which can make any documents, databases, images, or other non-critical data illegible.

The mirey@tutanota.com Ransomware uses the new, TXT-based format for its ransoming messages, which it places on the desktop, as well as in other locations associated with the user's Windows profile. Its only update of any importance is to the address it uses for conducting the ransom negotiations, through which the threat actor sells his decryption help. Old versions of the CryptConsole Ransomware family don't include actual data encryption for anything besides the filenames, but the build that the mirey@tutanota.com Ransomware uses has full media encryption and can block any media permanently without the decryptor.

The Mire that Your Server Doesn't Need to Take Part In

Besides its new e-mail address, the mirey@tutanota.com Ransomware also makes a small change to how its installation configures itself: it drops some of its components into a new 'confused' directory on the system's C drive. This high-visibility choice of destination folder makes it more likely that the mirey@tutanota.com Ransomware is run manually by the remote attacker, once they have access, rather than by tricking a user into launching the executable and then having the Trojan run inside a hidden background process. RDP and brute-force-based attacks, which exploit improperly-secured login credentials, are archetypal infection vectors for many file-locking Trojans with this philosophy.

Other than using passwords that are less likely to be broken by brute-force hacking software, users can also protect their PCs by monitoring their Remote Desktop settings on a regular basis and keeping additional backups out of the reach of the mirey@tutanota.com Ransomware's encryption attack. Since old versions of decryption tools for the CryptConsole Ransomware family aren't compatible with the mirey@tutanota.com Ransomware, victims without backups should contact a reputable member of the PC security industry for any further research into decryption solutions. Standard anti-malware products, while not useful for 'unlocking' any files, can safely delete the mirey@tutanota.com Ransomware or block any other threats that could install it.
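The checks described above (the 'confused' drop directory, Remote Desktop exposure, and brute-force pressure on logins) can be audited from an administrative PowerShell prompt. This is an added example, not code from the original article: it assumes the drop folder is C:\confused, and the 20-failure threshold is an arbitrary constructed value.

```powershell
# Added defender-side audit for the indicators and weak settings the article describes.
# Assumptions: run as an administrator on the Windows host being checked; the drop
# folder path C:\confused is assumed from the article's 'confused' directory, and the
# failed-logon threshold of 20 is a constructed value, not one from the article.

$findings = @()

# 1. The reported drop location: a 'confused' folder on the C drive.
$dropDir = 'C:\confused'
if (Test-Path $dropDir) {
    $findings += "Drop directory present: $dropDir"
    Get-ChildItem -Path $dropDir -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "  contains: $($_.FullName)" }
}

# 2. Remote Desktop exposure: is RDP enabled, and is Network Level Authentication on?
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
$nla = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1
if ($rdpEnabled) { $findings += 'RDP is enabled; confirm it is not reachable from untrusted networks' }
if ($rdpEnabled -and -not $nla) { $findings += 'RDP is enabled without Network Level Authentication' }

# 3. Brute-force pressure: failed logons (Security event 4625) in the last 24 hours, by source IP.
$since = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue
$bySource = $failed | ForEach-Object {
    $xml = [xml]$_.ToXml()
    ($xml.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
} | Group-Object | Sort-Object Count -Descending
foreach ($g in ($bySource | Where-Object Count -ge 20)) {
    $findings += "Failed logons from $($g.Name): $($g.Count) in 24h (possible brute force)"
}

# 4. Account lockout policy: with no threshold, password guessing over RDP is unbounded.
$lockoutLine = (net accounts) -match 'Lockout threshold'
if ($lockoutLine -match 'Never') { $findings += 'No account lockout threshold is set' }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

A hit on the drop directory is a reason to isolate the host and restore from backups rather than to clean it in place, since the article notes the encryption is not reversible without the decryptor.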

The mirey@tutanota.com Ransomware doesn't provide any concrete details on its ransom demands until after the user contacts the threat actor. However, if it's like the usual file-locking Trojan, the chances of its operator accepting any payment that the criminal can't simply take and run with are virtually nil.
