
Mole03 Ransomware

Posted: July 25, 2017

Threat Metric

Ranking: 3,183
Threat Level: 8/10
Infected PCs: 41,422
First Seen: July 25, 2017
Last Seen: October 15, 2023
OS(es) Affected: Windows

The Mole03 Ransomware is an updated member of the CryptMix Ransomware family, a group of Trojans that locks your files so that it can demand money to restore them. Unlike many file-encrypting campaigns, the Mole03 Ransomware is distributed through compromised websites and fake pop-up notifications that lead to the infection of the victim's PC. Maintaining your Web-browsing security, abiding by backup schedules, and using anti-malware protection for removing the Mole03 Ransomware all are valid ways of protecting your computer.

The Trojan Mole is Adding a Fresh Tunnel to Its Burrow

The next version of the EITest campaign seems to be priming for release into the wild, with malware experts confirming new samples of a MOLE Ransomware update: the Mole03 Ransomware. Although its ransom-processing services lag slightly behind the Trojan's payload, this threat continues blocking the victim's media and delivering messages asking for money to recover them. Most changes to its symptoms appear superficial, although there remains the possibility that the Mole03 Ransomware includes meaningful encryption changes that aren't readily apparent.

The Mole03 Ransomware, like most members of the CryptMix Ransomware family, exploits unsafe Web content inserted into hacked domains to install itself. It then uses this system access to encrypt popular media formats such as PNG, JPG, PDF, DOC and DOCX. The Mole03 Ransomware changes the extension of these blocked files to '.MOLE03' and Base64-encodes the original filename, which makes it resemble a string of semi-random alphanumeric characters.
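The renaming scheme described above (original name Base64-encoded, then the '.MOLE03' extension appended) gives responders a cheap triage check. The Python script below is an added example, not code from the original report or from the malware itself: it sweeps a list of filenames or a directory tree, flags every file carrying the reported extension, and attempts to recover the original name by decoding the stem. The sample listing is constructed for the demonstration, the ransom-note filename is a placeholder (the page does not give the note's real name), and matching the extension case-insensitively is an assumption.

```python
import base64
import binascii
import os
import re
from typing import Dict, List, Optional

# Extension the report attributes to encrypted files. Matching it
# case-insensitively is an assumption, not something the page states.
MOLE03_EXT = ".mole03"

# Standard Base64 alphabet with optional '=' padding.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample listing (not from the page): two renamed files,
# a placeholder ransom note, and one untouched document.
SAMPLE_LISTING = [
    "aGVsbG8udHh0.MOLE03",          # Base64("hello.txt")
    "cmVwb3J0LnBkZg==.MOLE03",      # Base64("report.pdf")
    "RANSOM_NOTE_PLACEHOLDER.TXT",  # placeholder name, real note name not on the page
    "budget.xlsx",
]


def decode_original_name(stem: str) -> Optional[str]:
    """Recover the original filename from a Base64-encoded stem.

    Returns None when the stem is not well-formed Base64 or does not decode
    to printable text, so the caller still reports the file by extension alone.
    """
    if not _B64_RE.match(stem) or len(stem) % 4 != 0:
        return None
    try:
        name = base64.b64decode(stem, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if not name or not name.isprintable():
        return None
    return name


def classify(path: str) -> Optional[Dict[str, Optional[str]]]:
    """Return a finding for a path that matches the .MOLE03 naming scheme, else None."""
    stem, ext = os.path.splitext(os.path.basename(path))
    if ext.lower() != MOLE03_EXT:
        return None
    return {"path": path, "original_name": decode_original_name(stem)}


def scan_names(names: List[str]) -> List[Dict[str, Optional[str]]]:
    """Classify every name in a listing and keep only the matches."""
    findings = []
    for name in names:
        finding = classify(name)
        if finding is not None:
            findings.append(finding)
    return findings


def scan_tree(root: str) -> List[Dict[str, Optional[str]]]:
    """Walk a directory tree and report every file renamed in the .MOLE03 style."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in files)
    return scan_names(paths)


if __name__ == "__main__":
    for hit in scan_names(SAMPLE_LISTING):
        original = hit["original_name"] or "<stem is not valid Base64>"
        print(f"{hit['path']}  ->  originally: {original}")
```

A file with the extension but an undecodable stem is still reported, because the extension alone is the stronger indicator; the decoded name is a convenience for building the list of affected documents when restoring from backup.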

Malware experts found fewer changes to the Mole03 Ransomware's ransom message, which sells its file-restoring decryption service. The text file, which the Mole03 Ransomware places in the same folders as any encoded media, provides the victim with a unique ID and two links to its TOR websites. At this time, the threat actors have yet to update the Mole03 Ransomware's domains; any victims who try to pay the ransom are greeted by a site offering decoding help for the previous versions of the MOLE Ransomware.

Keeping Bad Software Underground

The free decryption options for the Mole03 Ransomware's family are highly limited, and preventing an infection is the best defense malware analysts can recommend, apart from keeping backups of any files that would be at risk of being locked. The Mole03 Ransomware's installers disguise themselves as fake font-update and technical-support pop-ups, both of which launch through the user's Web browser after visiting one of a variety of hacked sites. Disabling content such as JavaScript and Flash, and blocking advertising networks with poor security standards, can lower your chances of encountering the Mole03 Ransomware while surfing the Web.

Always back your files up to another device to keep threats like the Mole03 Ransomware from taking your media hostage. Until a decryption breakthrough occurs, Windows users will need to rely on prevention-based security standards to avoid data loss that may not be reversible. However, most anti-malware products can delete the Mole03 Ransomware and other members of the wider CryptMix Ransomware family with limited impediments.

Advertising content can be both a legitimate commercial channel and a path by which consumers end up harming their own machines. Trusting a suspicious security alert or a strange Web error as above board is one way in which PC users compromise their machines and add to the Mole03 Ransomware's profit.
