Mole02 Ransomware

Posted by Sarah Stewart on July 25, 2017

What is Mole02 Ransomware?

Mole02 Ransomware is a malicious computer infection, but it is one of the few that should not cause you a terrible headache. This ransomware program has a decryption tool available, and so you can restore all of your affected files for free. Nevertheless, just because there is a way to counter the effects of this infection, you should not take it lightly. You need to remove Mole02 Ransomware from your computer before decrypting your files because there is always a chance the program might encrypt the healthy files again. Please check out the manual removal instructions right below this description for more information.test

Where does Mole02 Ransomware come from?

Unfortunately, we cannot offer a new narrative when it comes to the Mole02 Ransomware distribution. As our research suggests, this program usually spreads via spam emails, and that is actually the most common ransomware distribution method. It is rather annoying to know that users still fall for this scam, but spammers have become more and more sophisticated lately, so they are trying their best to trick the unsuspecting users into opening malicious emails.

What does the installer file for Mole02 Ransomware look like? It usually looks like a genuine document file that the spam senders want you to open. For instance, it could look like an MS Word document or a PDF file. That is because the spam mails that distribute ransomware often look like official notifications from reputable companies. For example, some of the messages might try to make you think that they are official invoices from online stores. Or perhaps they look like financial reports from a bank. But it is always very easy to check whether they are legitimate or not. Have you recently bought anything from the said store? Do you actually have an account in the said bank? If both answers are no, you probably should not open that attached file.

Finally, if you are really curious about the information on the file, you can also scan it with a security program before opening it. If the file is malicious, your security application should warn you about it.

What does Mole02 Ransomware do?

Our research team says that this program probably belongs to the CryptoMix family. So it means that Mole02 Ransomware works very much like CryptoShield Ransomware and Revenge Ransomware. The thing with ransomware families, though, is that even if the programs from the same group a very similar, the decryption tool usually works only for one program in the family.

We are just lucky now that this program already has a public decryption tool available. Normally, it would not be possible to apply the same removal and decryption methods across several programs within the group.

From the program’s ransom note, we can see that it uses the usual ransomware methods to lock your files. It supposedly employs the RSA and AES encryption algorithms that scramble the information within your files. Once the encryption is complete, it is no longer possible to open any of the targeted files. Also, the program drops the ransom note in every folder that was affected by the encryption. The note reads as follows:

!!!IMPORTANT INFORMATION!!!

All of your files are encrypted with RSA 2048 and AES-128 ciphers.

More information about the RSA and AES can be found here:

<…>

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.

Follow these steps:

1. Download and install Tor Browser: http://www.torproject.org/download/download-easy.html

2. After a successful installation, run the browser and wait for initialization.

3. Type in the address bar: http://supportjy2xvvdmx.onion/

4. Follow the instructions on the site.

!!! Your DECRYPT-ID: 9e5aeba5-619c-455a-b962-1cf88b3121ce !!!

Needless to say, you do not need to do any of that because we have already established that you can restore your files with the public decryption tool. Therefore, the thing you need to focus on is the removal of Mole02 Ransomware.

How do I remove Mole02 Ransomware?

You can delete this infection manually or automatically. Automatic removal with a powerful security application is faster and more efficient, but if you want to try out the manual removal, you can use the instructions below. Please do not hesitate to leave us a comment if something does not go according to the plan. We are always ready to assist you.

Manual Mole02 Ransomware Removal

  1. Press Win+R and the Run prompt will open.
  2. Type regedit into the Open box. Click OK.
  3. Open HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  4. Right-click the 00AE0EBCF2F2 and 0EBCF2F2* values on the right pane.
  5. Choose Delete to remove them.
  6. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.
  7. Right-click the *0EBCF2F2 value to delete it.
  8. Exit Registry editor and press Win+R. Type %AppData%.
  9. Click OK and open the directory.
  10. Remove the 0EBCF2F2.exe file from the folder.
  11. Perform a full system scan with the security tool of your choice.

* NB – These are the files names that we had in the sample that we researched. The filenames on your computer will be different because they are generated at random. 100% FREE spyware scan and
tested removal of Mole02 Ransomware*

Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *