Mole66 Ransomware

There have been a few Mole Ransowmare versions out there, and it seems that Mole66 Ransomware is also another variation of this malicious infection. Just like with the rest of the ransomware infections, the main reason they terrorize innocent users is money. They will encrypt your files and then say that you must pay ransom to get them back. Computer security experts are strongly against paying any type of ransom, and they maintain that you have to remove Mole66 Ransomware from your system as soon as possible. This is also the main objective of our description: Leading you through the removal process.

The thing about various versions of the Mole Ransomware infection is that there is not much difference between them. It means that they are probably distributed in a similar manner, and if you know how one program from this group reaches its victims, you should be able to avoid other infections, too. On the other hand, even if users know the main ransomware routes, they tend to think that it would not happen to them anyway, and they let their guard down. Needless to say, such attitude is very dangerous because Mole66 Ransomware might be hiding right behind the corner.

From what we know, Mole66 Ransomware usually spreads with spam email. The messages that spread the infection looks like notification from a delivery firm or a post office, and it usually says that there are problems with the delivery of your parcel. If a user has been expecting a parcel, they might feel inclined to open the attached file to see what exactly happened. Downloading and opening the file does not infect you with Mole66 Ransomware immediately. There is an outgoing link that you have to click, and then there is a fake plug-in file you need to download. Running that plug-in file eventually infects you with the ransomware program.

Just like all the other programs from the Mole Ransomware family, this new infection was developed from the CryptoMix Ransomware infection. Also, when we compare Mole66 Ransomware to other programs in the group, we can see that the author merely slapped a new ransom note and a new contact email. Nevertheless, we cannot apply the decryption tool that was used for other programs in this group because each version seems to have a unique encryption key. However, our research team believes that a free decryption tool will be available for Mole66 Ransomware soon enough because Mole Ransomware programs have been cracked before.

In the case of the infection, it will be very frustrating in the beginning because the program is really good at the encryption. Once it is executed, it makes a copy of itself in the %AllUsersProfile% directory. It drops an executable file with a random filename that consists of 10 characters. Then it creates of Point of Execution in the Registry and deletes the Shadow copies (if present) thus stopping you from restoring your files (unless you have an external backup).

Mole66 Ransomware immediately encrypts the entire user’s system, and all the affected files get the ‘.MOLE66’ extension. The program skips the %Windir%, %ProgramFiles%, and %ProgramFiles (x86)% directories, thus allowing your system to function further. The infection needs you to transfer the ransom fee, and the instructions are dropped in every affected folder in the ransom note _HELP_INSTRUCTIONS_.TXT. The ransom note does not say how much you should pay. It only says that you have three days to contact the owners of the infection via the given email address. It says that if you fail to contact them on time, “you will lose all your data.”

It is very unlikely that Mole66 Ransomware would delete all of your files. And since they are already encrypted, there is not much you could do about it. We also cannot be sure that paying the ransom would help you get your files back. Therefore, the best course of actions in this situation would be removing Mole66 Ransomware from your system and then looking for ways to retrieve at least part of your files.

As mentioned, a public decryption tool should be available soon. However, if you have all of your files stored in an external backup, you just need to delete the infection, the encrypted files and then transfer the healthy copies of your data back into your clean hard drive. Do not forget to also invest in a security tool that would help you protect your system from other types of threats.

How to Remove Mole66 Ransomware

1. Press Win+R and type %AllUsersProfile%. Click OK.
2. Delete the executable file with the 10-character filename.
3. Press Win+R again and type regedit. Click OK.
4. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
5. On the right pane, right-click the value with the random 10-character name.
6. Delete the value.
7. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
8. Right-click the value with the random 10-character name on the right side.
9. Delete the value and close Registry Editor.
10. Delete the _HELP_INSTRUCTIONS_.TXT ransom notes.