Mlza Ransomware Will Lock Your Computer
Our analysis of new malicious file samples revealed a new variant within the Djvu ransomware family, named Mlza. Its primary objective is to encrypt files located on a compromised system. Additionally, Mlza appends the ".mlza" extension to file names and creates a "_readme.txt" file containing a ransom message.
It's important to note that Mlza may potentially be distributed alongside data-stealing malware like RedLine or Vidar. To illustrate Mlza's file renaming behavior, it modifies filenames as follows: "1.jpg" is changed to "1.jpg.mlza," and "2.png" becomes "2.png.mlza," and so on.
The ransom message explicitly states that the only way to reverse the file encryption is by using a decryption tool and a unique crypto key held exclusively by the attackers. Furthermore, the message provides details about making partial payments and offers contact information.
In particular, it mentions that decryption tools are available for purchase at $980, with a discounted rate of $490 offered if victims make contact with the attackers within 72 hours after the encryption occurs. The ransom message provides two email addresses for communicating with the attackers: support@freshmail.top and datarestorehelp@airmail.cc.
Mlza Ransom Note Follows Established Djvu Pattern
The complete text of the Mlza ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted
with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-xN3VuzQl0a
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can You Protect Your Files from Ransomware Attacks?
Protecting your files from ransomware attacks requires a combination of preventive measures and proactive security practices. Here are several steps you can take to safeguard your files:
Backup Your Data:
Regularly back up your important data to an offline or cloud-based backup system. Ensure backups are not directly accessible from your network to prevent them from being compromised in an attack.
Keep Software Updated:
Regularly update your operating system, software, and applications to patch known vulnerabilities that ransomware can exploit.
Use Antivirus and Anti-Malware Software:
Install reputable antivirus and anti-malware software and keep it up-to-date. Enable real-time scanning to detect and block ransomware threats.
Employ Email Security:
Be cautious with email attachments and links. Use email filtering software to block suspicious emails and attachments.
Enable Firewall Protection:
Activate a firewall on your computer and network to block unauthorized access and malicious traffic.
Use Strong, Unique Passwords:
Create strong, unique passwords for your accounts and devices. Consider using a password manager to help generate and store complex passwords.
Implement Multi-Factor Authentication (MFA):
Enable MFA wherever possible to add an extra layer of security to your accounts.
Exercise Caution with Downloads:
Only download software and files from trusted sources. Avoid pirated or cracked software, as it may contain malware.
