Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Mystic Ransomware

Mystic Ransomware is a dangerous threat that seems to be something of a time traveler: its ransom note appears to be rather old and outdated, yet the threat still seems to be around and spreading. We have also found that this malicious program may no longer fully function, as the main website provided by the authors seems to be dead; therefore, both payment transfer and decryption are impossible. This, unfortunately, may leave you with lots of encrypted files that you cannot recover in any way unless you have a recently saved backup. In situations like this, a backup could be the only thing that can save you from losing all your personal files. It seems that this ransomware may only encrypt files in one main system folder; at least, that is what happened in our case when testing this vicious program. Still, it can cause a lot of headaches and loss. That is why we recommend that you remove Mystic Ransomware from your computer immediately. Before we tell you how you can eliminate this threat, let us tell you more about this infection and how you may avoid similar ones in the future.

This ransomware program has been found spreading via spam campaigns. This distribution method is widely used by cyber criminals because it can reach many potential victims within a short time frame. If the spam is sophisticated enough, even more experienced users may fall for it. The main trick behind such spam is that it appears to be legitimate and, at the same time, makes you believe that it concerns a very urgent and important matter. This is why victims actually open it and then try to run the attached file. This attachment, however, is the malicious executable of this dangerous threat. Once you launch it, there is no way back, and you will not be able to stop it until it finishes encryption. In other words, you can only delete Mystic Ransomware when your files have already been damaged beyond the possibility of repair without the unique decryption key. This is why it is essential that you become more cautious around your inbox and your spam folder as well. Whenever you are in doubt about a mail or its attachment, do not open it until you receive confirmation from the sender. It is much less of a hassle to write an e-mail to the sender and inquire about the attachment and the subject than to get hit by such ransomware. Keep in mind that no matter how updated and modern your spam filter may be, cyber criminals are always a few steps ahead, and that is why a few spam messages may evade detection. Prevention is the key here, and you can lower the risk of infection if you avoid opening suspicious mails, keep away from suspicious websites, avoid clicking on third-party ads, and update your browsers and drivers regularly.

We have no information about the kind of encryption algorithm used by this ransomware program, but it is quite likely AES-256, which is used by most ransomware infections. This malicious program targets your most important files, including your photos, videos, documents, and databases, trying to hit you hard enough to push you to pay the ransom fee for the decryption key. However, in our case, we have found that our sample only encrypted files in the "%USERPROFILE%" folder and below. The affected files do not get a new extension, so the file names remain untouched, which makes it more difficult to identify this threat. This infection also drops a ransom note text file called "ransom.txt" onto your system. This file contains all the information you need to transfer the ransom fee and get your decryption key. But this ransom note seems to be rather old, since these criminals ask for 1.01 BTC to be paid within 5 days, which is an insane 4,242 USD at the moment, but at the time of the release of this ransomware it was worth as little as 280 US dollars. Apart from this, we have also found that the website you are supposed to visit for more information, and to get your key after transferring the money, is down and looks dead. This means that there is no way for you to pay and to get your key; not that we would advise anyone to pay any amount to cyber criminals. In fact, we recommend that you remove Mystic Ransomware right away.
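Because the affected files keep their original names, the damage has to be assessed from file contents rather than extensions. The following Python sketch is an added example, not part of the original write-up or any vendor tool: it walks a folder, reports any "ransom.txt" notes, and flags files whose leading bytes no longer match the signature their extension implies and whose content looks random. The signature table, the entropy threshold, and the function names are illustrative assumptions, as is the premise that the encrypted output is indistinguishable from random data.

```python
import math
import os
from collections import Counter

# Well-known leading bytes for a few common formats (illustrative subset).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".gif": b"GIF8",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
    ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK",
}
NOTE_NAME = "ransom.txt"  # ransom note file name reported on this page


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root: str, sample: int = 4096, threshold: float = 7.2) -> dict:
    """Walk root; return ransom notes found and files that look encrypted."""
    notes, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                continue
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # no signature known for this extension
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort
            # Assumption: encryption destroys the header and yields random-looking bytes.
            if not head.startswith(magic) and entropy(head) >= threshold:
                suspect.append(path)
    return {"notes": sorted(notes), "suspect": sorted(suspect)}


if __name__ == "__main__":
    result = triage(os.path.expanduser("~"))  # the profile folder our sample targeted
    for kind, paths in result.items():
        print(kind, len(paths), *paths, sep="\n  ")
```

The resulting list tells you which files need to be restored from backup; compressed formats such as JPEG are naturally high in entropy, which is why the header check is combined with the entropy check rather than used alone.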

Hopefully, you do have a recent backup that you can use to recover most of your important files, even if not all of them. But before you start copying your clean files, make sure that you delete all the related files. Please use our instructions below if you think you can identify the suspicious files that could be responsible for this dangerous attack. If you want to defend your PC against similar malicious threats, we suggest that you start using a reliable anti-malware program, such as SpyHunter. But do not forget about the importance of keeping all your programs and drivers up to date to stop cyber criminals from being able to exploit security holes in outdated software.

How to remove Mystic Ransomware from Windows

  1. Open your File Explorer by tapping Win+E.
  2. Check your default and chosen download directories (e.g., Desktop, %Temp%, and Downloads folders) for any recently saved suspicious files and delete them.
  3. Delete the ransom note file.
  4. Empty your Recycle Bin.
  5. Restart your PC.