Mercury ransomware, reported on December 10, 2018, is a file-locking virus that uses AES encryption algorithm to lock various files including images, text documents, databases, videos, audios and so on. And it requires sufferers to pay a ransom for decryption. Read this post to learn more information about this ransomware and what you should do.

What Is Mercury File Extension Ransomware

On December 10, 2018, another ransomware was been detected by security researchers to spread in several Asian countries. This ransomware prevents its victims from accessing it by adding the .Mercury extension to files to encrypt it. For example, the file 1.png is renamed to 1.png.Mercury.

Then, the virus offer a note file called !!!READ_IT!!!.txt, informing victims that their files were encrypted and requesting a specific payment in order to receive the decryption tool. And affected users must contact attackers and discuss all payment details by using the emails [email protected] or [email protected].

ransom note file of Mercury

Besides, cybercriminals will offer 1 file for free decryption to prove that they can be trusted. However, you should never believe in them because they may ignore victims even if they have received the ransom. They also ask their victims not to rename the encrypted files and claim that only they can decrypt data.

Mercury ransomware may reach the computer system via phishing email messages and rogue content that comes attached together. It can modify the Run and RunOnce Windows registry and create suspicious entries to automatically run the encryption file of Mercury ransomware on Windows boot.

In addition, this ransomware attack may have a wide range of damages to your PC, for example, disable antivirus program, delete shadow volume copies of locked files, stop Windows Recovery process, automatically terminate some documents after encryption, open a path for other malware forms, etc.

How to Remove Ransomware

What to do if you are infected by Mercury File Extension ransomware? You had better not contact with Mercury developers to pay a ransom.

Unfortunately, there isn’t a free decryption tool at the moment to help you decrypt your locked files by cybercriminals. But you can choose to remove the .Mercury files virus safely.

The best option is to use a strong and reliable anti-malware tool to perform the ransomware removal, for example, SpyHunter can help you with in-depth system security analysis, detection, and removal of threats such Mercury Files virus.

Also, ReimageRepair or Malwarebytes can also be useful to detect all malware-laden components that may be hiding in the computer system.

Next, you can start thinking about recovery options. And the good option is to use MiniTool Power Data Recovery, free data recvery software, to perform a file recovery. The possibility of recovery is slim but you can have a try.

Protect Your PC from Ransomware

To keep your computer safe from ransomware or other viruses, you can take some measures. Here are ransomware prevention policies:

  • Avoid opening emails along with attachments that are from unknown or suspicious email addresses.
  • Be careful to download, install, update software and browse the web: don’t click on questionable hyperlinks or download unknown programs, just download software using only official or trustworthy websites.
  • Have a reputable anti-spyware.
  • Refresh the entire computer system to make sure all hazardous components are disabled.
  • Store copies of all important documents on remote devices like USB drive, remote servers or cloud. Note that the USB drive should be kept unplugged from your machine when it is out of use.
Tip: To protect your PC from virus or ransomware, the most important thing is to back up the PC system and data. To do this, MiniTool ShadowMaker, professional Windows backup software, is recommended.
  • linkedin
  • reddit