Mimicry Ransomware

Mimicry Ransomware is not an entirely new infection in the world of malware. Malware researchers have evidence that this infection is just a new version of Shiva Ransomware (if you are interested, you can read about it on our website). Inevitably, Mimicry Ransomware shares similarities with the aforementioned threat. Speaking specifically, it should encrypt files on affected victims’ computers as well. Ransomware infections are programmed to lock users’ personal files seeking to obtain money from them. It seems that it is the main reason Mimicry Ransomware has been developed too because it demands money (“You have to pay for decryption in Bitcoin”) once files are encrypted. You might think that paying money to them is your only chance to get your files back. This might be true if you do not have a backup of those encrypted files, but paying money is definitely not what you should opt to since you might not get that promised tool from crooks. They will not bother to issue a refund to you in that case too, and, unfortunately, there is nothing you could do about that in this unpleasant situation. It is always better to erase malware from the system right away no matter it has locked your screen, your files, or threatens to make your computer unusable. We have prepared the guide to help you delete Mimicry Ransomware from the system too, and you should take action to disable it ASAP. Once the threat is gone, you could then try to find a way to fix your files.

Our malware researchers could not find a working sample of Mimicry Ransomware, but, according to them, it should lock files immediately after the successful entrance. Most probably, you will find .good appended to all your files. The infection should not rename any of the encrypted files, but you will see their original extensions changed, which is a clear sign that the entrance of the ransomware infection was successful. The appended extension cannot be removed, and even if you could do that, removing it would not help you to unlock a single personal file encrypted by ransomware. Judging from the message the ransom note HOW_TO_RECOVER_FILES.txt (it is dropped on the system by the ransomware infection) contains, cyber criminals only want your money. The price is not stated, but it will not be sold at a low price, we can assure you that. If you decide to purchase the decryptor, which we, of course, do not recommend doing, you will have to contact cyber criminals first by dropping a message to dsupport@airmail.cc. Make sure you do that soon after encountering the threat because the decryptor’s price is highly depended on how fast you write an email. Cyber criminals also encourage users to send 3 files (their total size must be less than 10MB) to them for the free decryption to show users that they have the working tool. You should accept this offer if your valuable files have been locked. Who knows, maybe you will really get them decrypted. Of course, you should not rush to pay for the decryption of those other files that have been encrypted because there are no guarantees that the decryptor will be sent to you. If you arrive at a decision that paying money to cyber criminals is nonsense, delete the ransomware infection right away. Once it is removed, you could restore files from a backup or try out tools that promise to recover data using Shadow Volume Copies. Unfortunately, we cannot give you any guarantees.

Mimicry Ransomware does not seem to be sophisticated malware, so specialists suspect that it is spread using a traditional method – through spam emails. Ransomware might pretend to be an important document to trick you into opening it, or you might infect your system with malware by simply clicking on the link the email received contains. If you have already encountered Mimicry Ransomware, it will be impossible to turn the clock back this time, but you can still prevent threats from entering the system by ignoring all suspicious emails.

Ransomware infections use strong encryption algorithms, so files stay encrypted even if these threats are removed. You will not unlock your files by deleting Mimicry Ransomware too, but it does not mean that you can do nothing about its entrance. Check the removal guide provided below – it will help you to delete this threat in no time.

Remove Mimicry Ransomware

1. Tap Win+E.
2. Check %USERPROFILE%\Downloads, %USERPROFILE%\Desktop, %TEMP%, and %APPDATA%.
3. Delete suspicious/recently downloaded files.
4. Remove HOW_TO_RECOVER_FILES.txt.
5. Empty Trash.
6. Perform a scan with an antimalware scanner.