I wrote this article to help you remove Mole03 Ransomware. This Mole03 Ransomware removal guide works for all Windows versions.
Today we are going to be talking about the Mole03 ransomware. It is an updated version of the Mole infection which, in turn, is based on the CryptoMix parasite. Regardless its connections, Mole03 is a classic ransomware which alone makes it very dangerous. Like the other members of this so feared family, Mole03 enters your machine in silence and then proceeds to lock all of your files. This is what all ransomware pieces do.
So, this pest encrypts your data with the RSA/AES combo encryption algorithm and turns it into unreadable gibberish. All of your pictures, music, videos, files, documents, presentations, databases, etc. become inaccessible to you. You are no longer able to open/view/edit/listen to any of your files. They are under lock down. They even receive the brand new “.mole03” extension at the end. Seeing your data renamed like that means that it is locked.
The ransomware has it as a hostage. As we say “hostage” because this infection demands a ransom in exchange for its return. Once the encryption process is over Mole03 drops the ‘_HELP_INSTRUCTION.TXT‘ file for you. This is the ransom note. According to what crooks have written in it, the only way to get your files back is by purchasing a special decryptor. If you pay the sum they want, they will send you the tool. Allegedly! This is what they promise but don’t forget who you are making deals with here.
Remember, crooks cannot be trusted! You have zero guarantees that you will get what you paid for. So, don’t pay! Don’t comply with their demands. If you do, you will lose much more than your data.
Let`s explain in details why paying is such a bad idea. For starters, there is a valid chance that you pay and don’t receive anything. Hackers may just take your money and not send you the tool. Or, they may send you one which works only partially or doesn’t work at all. This is also possible. You will end up double-crossed. But even if you get the right decryptor and use it to free your files, you still lose. You see, the decryptor only removes the encryption. It doesn’t remove the infection.
Mole03 remains on board ready to relock everything anytime it wants. Then what? Are you going to pay again? How many times are you willing to sponsor these people with your money? The ransomware itself is the problem here. As long as it is on your machine, you cannot safely recover your data. It has to be removed.
Use our removal guide below and clean your PC from this plague. Once the pest is gone, you can continue using the guide to safely retrieve your files. And don’t forget to back up your most important information in the future in case anything like this happens again.
How did Mole03 enter? As we said, it got in in silence. It tricked you. The pest pretended to be a font to sneak in. Yes, a font. It made you believe that your Google Chrome browser needs this font in order to be able to display certain pages.
The “font`s” executable is called “2017-07-23-1st-run-Font_Chrome.exe.” and if you run it, you basically invite the ransomware in. When you run the file, a “Display Color Calibration can’t turn off Windows calibration management. Access is Denied.’” notification appears. This triggers a User Account Control notification and you are asked to allow the WMI Command Line Utility to run. If you agree, you agree to the ransomware coming in. You need to be careful. Infections use all kinds of deceptive methods to trick you into giving them permission. Be on the alert.
Mole03 Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, Mole03 Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose at least a month ago date from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next“
- Choose a restore point, at least a month ago
- Click “Next“
- Choose Disk C: (should be selected by default)
- Click “Next“. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Mole03 Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs: