marcel.germann
Posted May 12, 2016 (edited)

We got infected by a new ransomware called "Mischa". It encrypts all files on the connected network shares with endings .3P7m, .aRpt, .eQTz, 3RNu. And it creates two files with the content:

You became victim of the MISCHA RANSOMWARE!
The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2.
To purchase your key and restore your data, please follow these three easy steps:
1. Download the Tor Browser at "https:// www.torproject.org/". If you need help, please google for "access onion page".
2. Visit one of the following pages with the Tor Browser:
hxxp:// mischapuk6hyrn7 2.onion/3P7mas
hxxp:// mis cha5xyix2mrhd.onion/3P7mas
3. Enter your personal decryption code there:

The ransomware was delivered by an e-mail with a German domain (@maills.de), masked as a job application with a link to a file in the cloud (magentacloud.de/share/...).

Luckily for us, the user rebooted the computer, which stopped the encryption. We were able to recover all files from the backup, so we don't need help with that. But we want ESET to recognize it, so that it won't happen again.

Do you already know this ransomware? Which is the best way to give you more information (encrypted files, links, ...)?

Edited May 12, 2016 by Marcos (links edited)

TomFace
Posted May 12, 2016 (edited)

Hello marcel.germann.

See this KB article: hxxp://support.eset.com/kb141/

As for whether ESET is aware of it, a moderator would have to answer that.

Edited May 12, 2016 by TomFace