Do you know what Mole02 Ransomware is?
If you infect the system with Mole02 Ransomware, your whole data on the device might get encrypted with strong crypto systems, making you unable to access it. There is no doubt the malware’s creators are seeking to extort money from their victims since they ask to follow their instructions to receive decryption software and a unique key. Of course, to get these tools, you would be asked to pay a ransom. Keep it in mind there are no refunds when dealing with the cyber criminals. Not to mention they could demand victims to make even more payments, so decrypting locked data might cost your savings, and even then there are no guarantees you will be able to get your files back. This is why our researchers advise not to deal with the hackers. Also, they recommend erasing the threat immediately after the device gets infected as leaving it unattended could be dangerous; to eliminate Mole02 Ransomware manually follow the removal guide located below the article.
As usual for such malware Mole02 Ransomware is said to be distributed with malicious Spam emails. It means the infection’s installer could be downloaded and launched by the user himself. The problem is it can be challenging to recognize such data, especially if it looks completely harmless to you, for example, the malicious application’s creators can make it look like text documents, pictures, and so on. Therefore, we would advise you to suspect each file that comes from an unknown sender or falls under the classification of Spam. The potentially harmful attachment should be scanned with a reputable antimalware tool to make sure it is safe to open it. If it appears to be infected, the removal tool should warn you about it and help you get rid of the dangerous file.
According to our researchers who tested Mole02 Ransomware in our internal lab, the threat should create a randomly named executable file (e.g. 2FCBE0B0.exe) in the C:\Users\User\AppData\Roaming directory. In addition to this, the malicious application could also create a few new Registry entries in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce directories. These Registry entries should have random value names too, although they might be similar to the executable file created in the Roaming folder. The next malware’s step is to encrypt user’s data located on the infected device. The hackers claim to lock it with the RSA 2048 and AES-128 cryptosystems. It was noticed that during the process the file loses both its original title and extension. For example, a document titled text.docx could turn into 84B68B322047C03RS24RRFS717399365.MOLE02, and so on.
Mole02 Ransomware screenshot
Scroll down for full removal instructions
Soon after the encryption, Mole02 Ransomware should create a file called _HELP_INSTRUCTION.TXT in every directory containing encrypted data. The file is the cyber criminal’s ransom note. It advises victims to follow the provided instructions to obtain decryption software and a unique decryption key that is said to be hidden on the hackers’ secret server. We already mentioned at the beginning that there is no guarantee these people will not scam you. At this point, we would like to mention there is not knowing how long these decryption keys will be reachable through this secret server. If the connection gets lost, and sadly it happens from time to time, the decryption tool would be lost forever.
As you realize it yourself, paying the ransom is extremely dangerous, and users who do not wish to risk their savings should ignore the cyber criminals’ demands. Lastly, we would advise our readers to get rid of the malicious application as soon as possible. Otherwise, it will keep opening the ransom note each time the computer gets restarted, and if you accidentally relaunch it, Mole02 Ransomware might damage your data once more. Naturally, it seems safer to simply erase the threat and users can do so manually by following the removal guide located below. Afterward, you could scan the system with a reliable antimalware tool to check if the infection is gone and see if there are no other threats to the system.
Eliminate Mole02 Ransomware
- Press Ctrl+Alt+Delete.
- Open Task Manager and select Processes.
- Find a process associated with this malicious application.
- Select it and press the End Task button.
- Exit Task Manager.
- Press Windows Key+E.
- Go to your Desktop, Temporary Files, and Downloads folders.
- Find the infection’s installer, right-click it and select Delete
- Navigate to C:\Users\User\AppData\Roaming
- Find the malicious executable file, e.g. 2FCBE0B0.exe, right-click it and click Delete.
- Close the File Explorer.
- Press Windows Key+R.
- Type Regedit and select OK.
- Go to the listed paths separately:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce - Find value names related to the malware, e.g. their value data could point to C:\Users\user\AppData\Roaming\2FCBE0B0.exe
- Right-click such value names separately and press Delete.
- Close Registry Editor and empty Recycle bin.
- Reboot the system.
In non-techie terms:
Mole02 Ransomware is a dangerous threat created by hackers who seek to get payments from their victims. To convince users to pay the ransom the cyber criminals programmed the malicious application to lock the user’s private data so they could keep it as a hostage. It is often said that once the victim pays the ransom, he will get the means to decrypt damaged data, but as we stated in the main article, there is always a risk you might get tricked. Thus, instead of risking your money, we would advise you to look for available copies to replace encrypted files or try our special recovery tools. In any case, no matter what you decide, it would be best to delete the malware without any delays and to help you in this task we placed a removal guide available above this text. However, if it looks too complicated, it might be best to use a reputable antimalware tool.