Mztu Ransomware is Another Djvu Variant Encrypting Data

Mztu is a ransomware variant that belongs to the Djvu family. It was discovered by our team while inspecting malware samples submitted to VirusTotal. Mztu encrypts files, appends the ".mztu" extension to their filenames, and creates a "_readme.txt" file containing a ransom note. In some cases, threat actors may also steal sensitive data using other malware before encrypting files with Djvu ransomware.

The ransom note provides payment and contact information, encouraging victims to contact the attackers within 72 hours in order to avoid paying $980 instead of $490 for the decryption software and key. It also states that it is impossible to decrypt files without these tools. Additionally, victims can send one encrypted file for free decryption by emailing either support@freshmail.top or datarestorehelp@airmail.cc.
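As an added example (not part of the original article and not a vendor tool), the following Python script triages a directory tree using the indicators named above: the ".mztu" extension, the "_readme.txt" note name and the two contact addresses. The function names and the confirmed/unconfirmed split for notes are assumptions of this example, and the sample tree is constructed.

```python
import os
import tempfile

# Indicators taken from the article; the matching logic is this example's assumption.
ENCRYPTED_EXT = ".mztu"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def scan_tree(root):
    """Walk root and collect Mztu artifacts for incident triage."""
    report = {"encrypted": [], "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                # The extension is appended, so stripping it gives the original name.
                report["encrypted"].append((path, name[: -len(ENCRYPTED_EXT)]))
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""  # unreadable note: keep it, but unconfirmed
                # Only a note naming a contact address counts as confirmed.
                hit = any(marker in text for marker in NOTE_MARKERS)
                report["notes" if hit else "unconfirmed_notes"].append(path)
    return report


def build_sample(root):
    """Create a constructed sample tree (not real victim data)."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    samples = {
        os.path.join(docs, "report.docx.mztu"): "x",
        os.path.join(docs, "photo.JPG.MZTU"): "x",
        os.path.join(docs, "_readme.txt"): "ATTENTION!\nsupport@freshmail.top\n",
        os.path.join(root, "_readme.txt"): "Unrelated project notes.\n",
    }
    for path, body in samples.items():
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print({k: len(v) for k, v in scan_tree(tmp).items()})
```

The list of stripped original names gives a restore checklist to compare against backups, and a "_readme.txt" that does not name either address is left for manual review instead of being counted as a ransom note.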

Mztu is a dangerous form of ransomware that can cause significant damage if not dealt with properly. Victims should take all necessary precautions when dealing with this type of malware, such as backing up important data regularly and keeping their systems updated with the latest security patches.

Finally, it is important to note that paying the ransom does not guarantee successful decryption of files.

The full Mztu ransom note

The "_readme.txt" file created by the ransomware, which contains its ransom note, reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-cud8EGMtyB
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

What can you do if you are a victim of the Mztu ransomware?

If you are a victim of the Mztu ransomware, it is important to take all necessary precautions to protect your data and system. First, you should back up any important data regularly in order to avoid losing it in case of an attack. Additionally, you should keep your system updated with the latest security patches in order to reduce the risk of being infected with malware.

It is also important not to pay the ransom demanded by the attackers as there is no guarantee that they will provide a working decryption tool or key. Instead, victims should seek out professional help from cybersecurity experts who may be able to help them recover their files without paying a ransom.

Finally, victims can contact the attackers via email at support@freshmail.top or datarestorehelp@airmail.cc and send one encrypted file for free decryption as stated in the ransom note. However, this does not guarantee success and victims should proceed with caution when dealing with these criminals.

Why is it never a good idea to pay the ransom asked by ransomware threat actors?

It is never a good idea to pay the ransom asked by ransomware threat actors as there is no guarantee that they will provide a working decryption tool or key. Paying the ransom only serves to encourage these criminals and may even lead to further attacks on other victims. Additionally, paying the ransom does not guarantee successful decryption of files, as attackers may simply take the money and disappear without providing any assistance. Furthermore, paying the ransom could also result in legal repercussions, depending on where you live.

Therefore, it is best to seek out professional help from cybersecurity experts who may be able to help you recover your files without having to pay a ransom. Additionally, victims should take all necessary precautions when dealing with this type of malware, such as backing up important data regularly and keeping their systems updated with the latest security patches.

January 23, 2023