Mole02 Ransomware

Posted: June 15, 2017

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	26

First Seen:	June 15, 2017
Last Seen:	May 12, 2019
OS(es) Affected:	Windows

The Mole02 Ransomware is a Trojan that encrypts media on the infected PC to ransom them for money. Besides damaging what is on the original PC's hard drive, the Mole02 Ransomware also may attack backups or the contents of any local networks. Anti-malware protection may stop or delete the Mole02 Ransomware prematurely, but network security protocols and secured backups also are critical to keeping this threat's potential for harm to minimum levels.

Your Server is Becoming a Fresh Burrow for a Family of Moles

A freshly-excavated stage of the MOLE Ransomware project appears to be underway, with multiple parties in the business sector reporting of attacks involving an upgraded version of the threat. This new variant, the Mole02 Ransomware, delivers both ransoms and massive data-locking attacks. Malware experts also are highly interested in the latter's support for compromising multiple machines sharing a single, vulnerable network.

As a Trojan attacking business servers, the Mole02 Ransomware seems to be benefiting from spearhead attacks that install it via spam e-mails from a Brazilian address. With system access acquired, the Mole02 Ransomware scans for files to encipher with an encryption algorithm, such as PDF documents. As noted above, the Mole02 Ransomware also can attack separate PCs that it accesses over a localized network connection, with all symptoms suppressed until after it's locked the target media.

The Mole02 Ransomware's authors drop Notepad messages (such as 'HELP.txt') onto infected PCs to deliver their ransoming demands for your files. There is no free decryptor working for the MOLE Ransomware family, including this variant. Accordingly, any affected users could risk paying the on artists' ransom (which may not give them the decryption solution) or resorting to any backups that the Mole02 Ransomware has yet to damage.

Keeping the Potential for Making Underground Profits Buried

Judging from both current deployment patterns and prior ones, the Mole02 Ransomware's threat actors are operating in waves that release large quantities of the Trojan to different targets in close succession. The attacks installing the Mole02 Ransomware may include contents designed to imitate work environment content, such as package delivery notifications, or office equipment messages. Although malware experts can confirm that the Mole02 Ransomware uses multiple names for its executable, generally, its related description data disguises it as a product of a fake 'Carroll PLC Soft' company.

Symptoms related to file-encrypting attacks almost always are visible after the completion of all intended injury. Users dealing with compromised PCs should act immediately and isolate the Mole02 Ransomware infections from other systems or devices, including ones over local network connections. Although otherwise, it is a relatively professional example of threatening software, this Trojan does show poor evasion ratings against many anti-malware brands. Use proactive anti-malware protection to delete the Mole02 Ransomware or quarantine it as soon as possible.

The birthplace of revenue for the Mole02 Ransomware's campaign lies in the unsafe network and Web-browsing security habits of ordinary PC users. With this Trojan's family spiking sharply and on activity unpredictably, backing your files up and paying attention to what you're opening never has been more important.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%LOCALAPPDATA%\eb277641.exe

File name: eb277641.exe
Size: 66.56 KB (66560 bytes)
MD5: 0ae91dbea7eff4b045b42920035a7a93
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: July 5, 2017