Nowadays, discovering a new ransomware is a daily issue, thus it is not even possible to know about each of them. Nevertheless, some threats are so ridiculous and offensive that it’s worth writing about them. At the same time, the best thing is when a ransomware can be decrypted.
Not long ago, the security researcher Mosh released his analysis on a new ransomware called MicroCop, discovered by TrendMicro. Being installed, MicroCop will encrypt your data using DES encryption and prepend all of the encrypted files with the Locked.string. In other words, a file called test.jpg will be renamed after it is encrypted to Locked.test.jpg.
After that, the virus will change the victim’s wallpaper to a background which shows a picture of Anonymous stating that the victim stole 48 bitcoins from them and they want it back before they will release the files.
Apparently, this is not from Anonymous and is an outrageous demand, as 48 bitcoins is equivalent to $32,708.64 USD. However, what is more ridiculous here is the fact that the attackers leave the ransom note, but provide no way for the victim to contact them to arrange payment or receive the decryption key. To demand such an outrageous sum and not even provide a way for the user to actually get their files back is as low as you can get.
The good news in this case is that Michael Gillespie was able to create a decrypter which allows a victim to get their files back for free. So anyone who is affected by MicroCop ransomware, can just download and run the decrypter to get back to normal.