Mikel Ransomware is a Proxima Clone That Targets Various File Types

Mikel is a type of ransomware that encrypts data and demands payment in exchange for its release. The new variant belongs to the Proxima family.

The Mikel ransomware appends the ".mikel" extension to the files it encrypts. It then creates a ransom note, which indicates that Mikel targets larger entities like companies rather than home users.

The note also states that the stolen data can include financial, accounting, development and strategy documents. Victims are asked to pay the attackers or risk having their exfiltrated content leaked and their website's SEO processes negatively affected. The attackers offer free decryption of three small files as proof that recovery is possible.

The Mikel ransomware full note

The ransomware writes its ransom note to a file named "Mikel_Help.txt". The full contents of the file are as follows:

Your data have been Stolen, encrypted and inaccessible
Your critical information has been downloaded, including databases, financial/developmental, accounting, and strategic documents.
The file structure has been changed to unreadable format, but you can recover them all with our tool.
If payment is not made and if we don't hear anything from you for a while, your data will be leaked on TOR darknet and your competitors can have access to your data, we will also attack your company over and over again in the future.

If you want to decrypt all of your data and return your systems to operative state, you require a decryption tool, we are the only ones who own it, and also, if you want your stolen data will be wiped out from our website, you better contact us at the following email addresses:

You can write us to our mailbox:
Mikel@cyberfear.com
Mikel@onionmail.com

write this in the email title:
ID: -

  • Make sure to include the ID in the email subject line, otherwise we wont answer your emails.

++++ What assurance is provided that we will not deceive you?
It's just a business and we don't pursue any political objectives. We absolutely do not care about you and your data, except getting benefits, money and our reputation are the only things that matters to us. if we do not do our work and liabilities, nobody will cooperate with us which is not in our interests.
Prior to the payment, and to check the ability to return files, you can send us 3 files (under 5MB) of any format that do not include sensitive information. We will decrypt them and send them back to you. That is our guarantee.

++ Important
If you want the decryption procedure to be effective, DO NOT delete or modify the encrypted files, it will cause issues with the decryption process.

++ Beware
Any organization or individual who asserts they can decrypt your data without paying us should be avoided. They just deceive you and charge you much more money as a consequence; they all contact us and buy the decryption tool from us.

If you do not cooperate with us, it does not matter to us, But you have to accept its consequences:
*Your data will be leaked for free on TOR darknet and your competitors can have access to your data.
*We know exactly what vulnerabilities exist in your network and will inform google about them.
*We are experts in Negative SEO. We will do irreparable harm to your website.

The money we asked for is nothing compare to all of these damages to your business, so we recommend you to pay the price and secure your business, simple.
If you pay, we will give you tips for your security, so it can't be hacked in the future.
besides, you will lose your time and data cause we are the only ones that have the private key. In practice, time is much more valuable than money.
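For incident scoping, the two file-system indicators named on this page (the ".mikel" extension and the "Mikel_Help.txt" note) can be swept for across a share or disk image. The following is an added example, not part of the original article or any vendor tool; the function names and the sample directory layout are constructed for illustration, and the sample files are empty placeholders.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".mikel"        # extension named on this page
NOTE_NAME = "mikel_help.txt"    # ransom note name from this page, lowercased

def triage(root):
    """Walk root and summarise files matching the two indicators."""
    per_dir = Counter()          # directory -> number of encrypted files
    notes, first_seen = [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                mtime = os.stat(path).st_mtime
                # Earliest modification time approximates when encryption began.
                first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "notes": sorted(notes),
        "first_seen_utc": (datetime.fromtimestamp(first_seen, timezone.utc)
                           if first_seen is not None else None),
    }

def build_constructed_tree(root):
    """Constructed sample data: empty files only, no real malware artefacts."""
    layout = {
        "finance": ["q4.xlsx.mikel", "ledger.db.mikel", "Mikel_Help.txt"],
        "dev": ["build.log", "design.docx.MIKEL"],
        "public": ["index.html"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        report = triage(tmp)
        print(report["encrypted_total"], "encrypted files;", len(report["notes"]), "note(s)")
```

The per-directory counts show which shares were reached, and the earliest timestamp gives a starting point for choosing a backup that predates the encryption.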

What are double extortion tactics used by ransomware threat actors?

Double extortion combines two forms of pressure: the threat actors both encrypt the victims' data and exfiltrate it, then threaten to leak the stolen data if the ransom is not paid. They may also threaten to attack the victims repeatedly and to harm their website's SEO if the demands are not met.

How can you protect your data from ransomware similar to Mikel?

  1. Ensure that all software and operating systems are up to date with the latest security patches.
  2. Implement a robust backup strategy and store backups in an offline location.
  3. Use antivirus software and keep it updated regularly.
  4. Disable macros in Microsoft Office documents from unknown sources.
  5. Restrict user privileges to only those necessary for their job role.
  6. Educate users on the risks of ransomware and how to identify suspicious emails or websites.
  7. Monitor network activity for any suspicious behavior or connections to malicious IP addresses or domains.
February 15, 2023