Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

MindLost Ransomware

MindLost Ransomware is a wicked infection that our malware researchers identify as yet another file encryptor that is set to corrupt your personal files. At this stage, the ransomware is still new, and it is believed that it has not been fully developed. That, unfortunately, means that we cannot know for sure how this threat works. Of course, if it evolves and if the instructions showing how to delete the threat change in the future, this guide will be adjusted to represent the most relevant information. For now, all we can do is review the current version of the ransomware. First things first, if your operating system has not been invaded by this malware yet, you need to install reliable anti-malware software ASAP! You should also back up your most valued personal files. If files are backed up, you will not lose them even if a malicious ransomware manages to slither into your operating system. This is the best defense against GandCrab Ransomware, Desucrypt Ransomware, Velso Ransomware, and all other malicious threats. Right now, let’s focus on the removal of MindLost Ransomware.

The distribution of MindLost Ransomware is very mysterious, and it is possible that the attacker behind this malicious threat will employ different methods to invade your operating system. In most cases, ransomware threats spread via links and files attached to misleading spam emails, and so you have to be cautious about those. Of course, ransomware could be downloaded by active Trojans or come bundled with malware. Basically, if a security vulnerability exists, it can be exploited. Once the infection is in, it should create a file named “wallpaper.bmp” in the %TEMP% directory. Additionally, it should create a folder on the Desktop with the “id.txt” file inside. The folder was not created by the sample tested in our lab, but, according to the ransom note represented via the wallpaper.bmp file, it should represent the ID that the creator of MindLost Ransomware allegedly needs to identify you by. According to the note, the folder should also include “Decryptor.exe,” which should initiate the decryption after you pay the ransom. If the folder and files are created, you will need to delete them.

The MindLost Ransomware ransom note represented via wallpaper.bmp in %TEMP%:

Don’t Lose Your Mind But All Of Your Files Have Been Encrypted!
Now it’s not too late, you can still get them back and go back to your life. All you have to do is go to http://mindlost.azurewebsites.net and pay 200$ and all of yor files will be available to you again.
When paying (and you will) enter your computer’s ID. You can find your computer’s ID in a file called ID.txt in your Desktop folder. Afterwards enter your credit card information to complete the payment.
Now you can also purchase an insurance for an extra 50$. This means you will never be attacked by us again. This is strongly advised unless you want to go through all of this again.
When you finish paying just go to your Desktop folder, run Decryptor.exe and all of your files will be safely decrypted and available to you again.

At the moment, hxxp://mindlost.azurewebsites.net does not work, and it is likely that this website has been taken down already. That, of course, does not mean that the creator of the ransomware could not build a new one. Our research has shown, however, that the instructions represented via the page demanded the ransom to be paid using a credit card. That is quite unusual because, in most cases, ransomware creators use cryptocurrency to collect the payments. This is why it is believed that the malicious MindLost Ransomware might have been created to steal credit card information as well. In the worst case, this data could be used for illicit transactions. That is not the only reason why you should not pay the ransom. Although cyber criminals might reassure you that decryption is possible as long as you comply with the demands, we have to warn you that you are likely to waste $200 for nothing if you pay the ransom. All in all, even if you decide to pay the ransom – as well as the dubious insurance for $50 – you still need to delete MindLost Ransomware, and we have a few removal tips for you.

As mentioned previously, the current version of MindLost Ransomware is unlikely to be the final one because it is believed to be in development still. That being said, the removal instructions below have been created to remove the current version of this threat. As you can see, not many steps are required. Of course, it is much better if you install anti-malware software. It will automatically delete MindLost Ransomware at any stage that it might be in, along with all malicious components that it might use. Another reason to install this software is the protection it can provide. As long as anti-malware software is installed, you do not need to fear the invasion of other infections. That being said, you still need to be cautious, and you still need to back up personal data. If it is not backed up, it is likely that you cannot recover the files corrupted by the ransomware. If we learn anything else about the decryption, we will inform you ASAP.

MindLost Ransomware Removal

  1. Delete all recently downloaded suspicious files (they can have random names and random locations).
  2. Simultaneously tap Win+E to launch Windows Explorer.
  3. Type %TEMP% into the bar at the top.
  4. Delete the file named wallpaper.bmp (note that the name could be changed).
  5. Move to the Desktop.
  6. Delete the {random name} folder with ID.txt and Decryptor.exe files inside.
  7. Empty Recycle Bin and then run a full system scan using a legitimate malware scanner to check for potential leftovers.
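
The manual checks in steps 3 to 6 can also be run as a read-only PowerShell check. This is an added example, not part of the original guide; it assumes PowerShell 4.0 or later and looks only for the file and folder names given above, which later versions of the threat may change.

```powershell
# Added example: read-only check for the artifacts this guide names.
# Nothing is deleted; results are listed for manual review.
$findings = @()

# Steps 3-4: ransom note image in %TEMP% (the name could change in later versions).
$note = Join-Path $env:TEMP 'wallpaper.bmp'
if (Test-Path -LiteralPath $note -PathType Leaf) {
    $findings += [pscustomobject]@{
        Artifact = 'Ransom note image'
        Path     = $note
        SHA256   = (Get-FileHash -LiteralPath $note -Algorithm SHA256).Hash
    }
}

# Steps 5-6: a Desktop folder with a random name that holds both
# ID.txt and Decryptor.exe. -Force includes hidden folders.
$desktop = [Environment]::GetFolderPath('Desktop')
$folders = Get-ChildItem -LiteralPath $desktop -Directory -Force -ErrorAction SilentlyContinue
foreach ($dir in $folders) {
    $idFile    = Join-Path $dir.FullName 'ID.txt'
    $decryptor = Join-Path $dir.FullName 'Decryptor.exe'
    if ((Test-Path -LiteralPath $idFile -PathType Leaf) -and
        (Test-Path -LiteralPath $decryptor -PathType Leaf)) {
        $findings += [pscustomobject]@{
            Artifact = 'Desktop folder with ID.txt and Decryptor.exe'
            Path     = $dir.FullName
            # Hash of Decryptor.exe, recorded before the folder is deleted.
            SHA256   = (Get-FileHash -LiteralPath $decryptor -Algorithm SHA256).Hash
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the MindLost artifacts described in this guide were found.'
} else {
    $findings | Format-List
}
```

Recording the SHA256 values before deleting the files lets you look the samples up later or hand them to a malware scanner vendor.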