Mischa is a ransomware that infiltrates victims' computers and then encrypts files. Mischa is very similar to Samsam, Locky, Cerber, and dozens of other viruses.

Payloads

Transmission

Mischa is distributed using malicious email attachments that are commonly delivered as fake job application forms.

Infection

When infected email attachments are opened and administrator permission is given, Petya is installed. If, however, the user declines permission, Mischa ransomware is installed.

Unlike Petya (which locks computers), Mischa behaves like other regular ransomware. Mischa demands 1.9404 Bitcoin (~$882.88). Compared to other viruses, this ransom is quite large, since ransom demands often range between 0.5 and 1.5 Bitcoin. Unfortunately, there are currently no tools capable of decrypting files compromised by this ransomware. Therefore, victims can only restore their files/system from a backup.

Mischa then drops a text file which reads:

You became victim of the MISCHA RANSOMWARE!
The files on your computer have been encrypted with an military grade encryption 
algorithm. There is no way to
restore your data without a special key. You can purchase this key on the darknet 
page shown in step 2.
To purchase your key and restore your data, please follow these three easy steps:
1. Download the Tor Browser at "hxxps://www.torproject.org/". If you need help, please 
google for "access onion page".
2. Visit one of the following pages with the Tor Browser:
hxxp://mischapuk6hyrn72.onion/cSAH2A
hxxp://mischa5xyix2mrhd.onion/cSAH2A
3. Enter your personal decryption code there:
dcSAH2A1hBYo7jv9mnsEd3JD9HN9wuxa73CoKaZRLQDLLCiFkB7MJfSpWAyD5QFbDef3ksUf7rttp
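
For incident triage, the note text above can be recognised by content and its indicators pulled out for blocking and case correlation. The following is an added example, not part of the original page or of any tool it describes; the function names parse_note and scan_tree are hypothetical, and the sample input is the note as quoted on this page, kept defanged.

```python
import os
import re

# Sample input: the note text quoted on this page, kept defanged (hxxp).
SAMPLE_NOTE = """You became victim of the MISCHA RANSOMWARE!
2. Visit one of the following pages with the Tor Browser:
hxxp://mischapuk6hyrn72.onion/cSAH2A
hxxp://mischa5xyix2mrhd.onion/cSAH2A
3. Enter your personal decryption code there:
dcSAH2A1hBYo7jv9mnsEd3JD9HN9wuxa73CoKaZRLQDLLCiFkB7MJfSpWAyD5QFbDef3ksUf7rttp
"""

MARKER = re.compile(r"victim of the MISCHA RANSOMWARE", re.I)
# 16-character onion host plus per-victim path; accepts defanged or live scheme.
ONION = re.compile(r"h(?:xx|tt)ps?://([a-z2-7]{16}\.onion)/([A-Za-z0-9]+)", re.I)
CODE = re.compile(r"personal decryption code[^:\n]*:\s*([A-Za-z0-9]{20,})", re.I)

def parse_note(text):
    """Return extracted indicators, or None if text is not a Mischa note."""
    if not MARKER.search(text):
        return None
    urls = ONION.findall(text)
    code = CODE.search(text)
    code = code.group(1) if code else None
    paths = sorted({p for _, p in urls})
    return {
        "onion_hosts": sorted({h.lower() for h, _ in urls}),
        "victim_paths": paths,
        "personal_code": code,
        # In this page's sample the URL path is embedded in the code; flag
        # notes where that holds so the two values can be correlated.
        "path_in_code": bool(code) and any(p in code for p in paths),
    }

def scan_tree(root, max_bytes=65536):
    """Walk root and yield (path, indicators) for every file that parses as a note."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    found = parse_note(fh.read(max_bytes))
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
            if found:
                yield path, found

if __name__ == "__main__":
    print(parse_note(SAMPLE_NOTE))
```

The page does not give the dropped file's name, so scan_tree matches on content rather than filename.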

