Jump to content

new Ransomware Mischa

Recommended Posts

 We've got infected by a new Ransomware called "Mischa".

It encrypts all Files on the connected Networkshares with endings .3P7m, .aRpt, .eQTz, 3RNu.

And it creates two Files with the Content:



You became victim of the MISCHA RANSOMWARE!

The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to
restore your data without a special key. You can purchase this key on the darknet page shown in step 2.

To purchase your key and restore your data, please follow these three easy steps:

  1. Download the Tor Browser at "https://  www.torproject.org/".If you need
     help, please google for "access onion page".
  2. Visit one of the following pages with the Tor Browser:

       hxxp:// mischapuk6hyrn7 2.onion/3P7mas
       hxxp:// mis cha5xyix2mrhd.onion/3P7mas

  3. Enter your personal decryption code there:


The Ransomware was delivered by an E-Mail with a german domain (@maills.de) masked as an job application

with a link to a file in the Cloud (magentacloud.de/share/...)


Our lucky that the user rebootet the computer what stopped the encryption.

We were able to recover all files from the backup, so we don't need help with that. But we want ESET to recognize, that it won't happen again.



Do you already know this Ransomware?

Which is the best way to give you more information (encrypted files, links, ...)?

Edited by Marcos
links edited
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...