Miza Ransomware is an Offshoot of Djvu Targeting Files for Encryption


During an examination of new file samples, our team of researchers discovered Miza, a ransomware program. Miza belongs to the Djvu ransomware family, a category of malware that encrypts data and demands payment in exchange for decryption.

When we ran a Miza sample on our test machine, it encrypted files and appended the ".miza" extension to their filenames. For instance, a file originally named "1.jpg" became "1.jpg.miza", while "2.png" became "2.png.miza". Every affected file was renamed the same way.

Once encryption finished, Miza generated a ransom note named "_readme.txt". Note that Djvu infections sometimes coincide with data-stealing malware, including Vidar, RedLine, and similar threats.

The ransom note demands payment, telling the victim that their files have been encrypted and can only be restored by paying a ransom. The note sets the price at $980, reduced by 50% to $490 if the victim contacts the attackers within 72 hours. Before paying, the victim can test the attackers' decryption capability by sending them a single encrypted file.
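The two on-disk indicators described above (the appended ".miza" extension and the "_readme.txt" note) are enough to scope which directories were hit. The following Python is an added triage example, not code from this page's authors: the function names are hypothetical, the sample tree is constructed from harmless placeholder files, and the note is confirmed by the contact addresses quoted in the ransom note text further down this page.

```python
import os
import tempfile
from pathlib import Path

EXT = ".miza"              # appended extension reported on this page
NOTE_NAME = "_readme.txt"  # ransom note filename reported on this page
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def is_ransom_note(path):
    """True when the file has the note's name and one of its contact addresses."""
    if path.name.lower() != NOTE_NAME:
        return False
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def triage(root):
    """Map each affected directory to renamed files, recovered names and note status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        renamed = sorted(f for f in files if f.lower().endswith(EXT) and len(f) > len(EXT))
        note = any(is_ransom_note(Path(dirpath) / f) for f in files)
        if renamed or note:
            report[dirpath] = {
                "renamed": renamed,
                "originals": [f[:-len(EXT)] for f in renamed],  # extension is appended
                "note": note,
            }
    return report


def build_sample_tree(base):
    """Constructed sample data: harmless files that only mimic the naming pattern."""
    photos, docs = Path(base, "photos"), Path(base, "docs")
    photos.mkdir()
    docs.mkdir()
    for name in ("1.jpg.miza", "2.png.miza"):
        (photos / name).write_bytes(b"placeholder")
    (photos / NOTE_NAME).write_text("To get this software: support@freshmail.top")
    (docs / NOTE_NAME).write_text("Project notes.")  # benign file with the same name


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Checking the note's content as well as its name keeps an unrelated "_readme.txt" from being counted as an indicator.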

Miza Ransom Note Asks for Modest Ransom

The full text of the Miza ransom note goes as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-nSxayRgUNO
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Miza Infect Your System?

Ransomware, including Miza, can reach your system in several ways. Common infection methods include:

  • Phishing emails: One prevalent method is through phishing emails. Attackers may send emails that appear legitimate, often masquerading as a trusted entity or containing urgent messages. These emails may include malicious attachments or links that, when clicked, download and execute the ransomware on your system.
  • Malicious downloads: Ransomware can be disguised as legitimate software or files available for download on the internet. These downloads may be hosted on compromised websites, file-sharing platforms, or presented as fake software updates. When you unknowingly download and run such files, the ransomware infects your system.
  • Exploiting software vulnerabilities: Ransomware can exploit security vulnerabilities in your operating system, applications, or network infrastructure. Attackers constantly search for weaknesses in software and exploit them to gain unauthorized access. It's crucial to keep your software up to date with the latest patches and security updates to minimize the risk of exploitation.
  • Malvertising: Ransomware can be delivered through malicious advertisements displayed on websites or pop-up ads. Clicking on these ads may redirect you to websites hosting ransomware or automatically download the malicious software onto your system without your knowledge.
  • Drive-by downloads: Ransomware can also be distributed through drive-by downloads, where malicious code is injected into legitimate websites without the site owner's knowledge. When you visit these compromised websites, the malicious code automatically downloads and executes the ransomware on your system.
  • Social engineering and malicious links: Attackers may employ social engineering techniques to trick you into clicking on malicious links, such as in instant messages, social media posts, or online forums. These links can lead to websites hosting ransomware or initiating the download of malicious files.
July 18, 2023