MindLost Ransomware Is a Piece of Junk That Wants to Collect Credit Card Details - Computer Troubleshooters Huntsville

MindLost Ransomware Is a Piece of Junk That Wants to Collect Credit Card Details

Published on: January 31st, 2018

Security researchers have discovered a new strain of ransomware that encrypts users files and redirects users to an online page to pay the ransom via credit/debit card.

The ransomware is not under active distribution and appears to be still under development. First samples were spotted by security researcher MalwareHunter going back to January 15.

The ransomware identifies itself as MindLost, but Microsoft detects it as Paggalangrypt.

The ransomware works and does encrypt files. It targets a small number of file extensions but will search files on all the storage devices, with the exception of folders containing the strings:

Windows
Program Files
Program Files (x86)
The biggest clue that MindLost is still under development, is that this filter is not active yet. Searching and encrypting files on all the storage mediums is time consuming, so current MindLost samples bypass this behavior and only encrypt files in the “C:\\Users” folder. Stable versions will likely not feature this filter.

The file types it targets are:

.c
.jpg
.mp3
.mp4
.pdf
.png
.py
.txt

All encrypted files will receive a new extension .enc, such as a file named image.png will become image.png.enc.

Once the encryption ends, the MindLost ransomware will download an image from the below URL and set it as the computer’s new desktop wallpaper. This image contains instructions for recovering files.

MindLost ransom note
MindLost ransom note

For persistence, MindLost also sets a registry key to ensure its executable is started after every reboot.

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run
The ransom note instructs users to visit the following URL to buy a decrypter app that will decrypt files.

http://mindlost.azurewebsites[.]net

SHARE IT

share in twittershare in twittershare in twitter

You might also like

With an evolving business comes expanding technological needs. If your business is sending you any of these signs that it’s time to update your technology.