Mischa Ransomware is a serious computer infection that appears on your system when another well-known ransomware infection, Petya, cannot be installed. Petya requires administrative privileges; if the installer is unable to gain those rights, Mischa Ransomware is installed instead. Mischa Ransomware does not differ much from existing ransomware infections: it encrypts a number of files stored on the computer soon after it gets in, and then it demands a ransom. There is one unique thing about it, though. Specialists working at 411-spyware.com have revealed that this threat modifies the MBR (Master Boot Record) upon installation. Unfortunately, this means that it will not be easy to get rid of this threat. Do not worry; further in this article we will explain how to fix the MBR.
Mischa Ransomware has been observed to target mainly companies based in Germany; however, it can also get onto computers that belong to ordinary users. You will certainly notice if this happens. First, your computer is restarted, and then a fake Chkdsk (a Windows system tool) is launched in order to make sure that users do not restart their computers. When the fake Chkdsk procedure finishes, or when a user attempts to restart the computer, a window containing an ASCII skeleton and the words “PRESS ANY KEY” appears. If the user does as instructed, a window with a ransom note appears:
You became victim of the PETYA RANSOMWARE!
The harddisks of your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key.
The message also contains step-by-step instructions on how to purchase the key for decrypting files. Specialists have found out that this key costs 1.93 Bitcoins (~$875); however, a higher ransom might be set in the future. On top of that, users have observed that the ransom doubles after 7 days, so if you are planning on purchasing it, you should not wait much longer.
Mischa Ransomware encrypts many standard data files with filename extensions such as .docm, .bat, .prf, .srw, .bmp, .gif, .tiff, .mp4, .disc, .iso, .toast, .ccd, .txt, .lnk, .bak, .pas, .aac, .mts, .m3u, .ram, etc. In addition, it might also touch .exe files. Unfortunately, there is no way to decrypt files for free at the time of writing; however, you should not hurry to pay the ransom because nobody knows whether you will really get the key for unlocking your files. If you decide not to make a payment, you need to delete Mischa Ransomware as soon as possible. As you already know, it will not be very easy to do that, so we suggest that you continue reading this article.
Many users wonder how Mischa Ransomware managed to enter their systems, so we have decided to describe the distribution of this threat in more detail. Research has shown that Mischa Ransomware is usually distributed via emails containing a download link to Dropbox. If a user opens the link, he/she sees a file, e.g. PDFBewerbungsmappe.exe. It has the PDF icon and looks completely legitimate at first sight, which explains why so many users download and start it. After they do that, the executable immediately tries to install the Petya Ransomware. If that is impossible, Mischa Ransomware is installed instead. To make sure that similar threats cannot get onto your PC again, you need to install a security tool on your computer and stop opening suspicious files.
Unfortunately, the only way to make Mischa Ransomware disappear is to repair the MBR. Below you will find our step-by-step instructions that will help you to do that. After doing that, you will also have to reinstall your Windows OS. If you have used the Repair&Recovery function to set up Windows, you will also have to delete the malicious file (e.g. PDFBewerbungsmappe.exe) you have launched (do not forget to take care of its copies in %TEMP% too!). Of course, it is possible to do that manually; however, the quicker way would be to acquire a security tool, e.g. SpyHunter, and then scan the system with it. A trustworthy scanner would also delete additional threats for you.
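For the manual route, the copies of the launched file can be located by content rather than by name. The following is an added example, not code from this article or from any security product: it finds byte-identical copies of the file you launched and also lists executables whose names imitate documents. The function names, the `DOC_HINTS` list and the sample tree built in `demo()` are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

DOC_HINTS = ("pdf", "doc", "xls")  # assumed name hints for document lures

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def is_pe(path):
    # Windows executables start with the DOS header magic "MZ".
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"

def find_dropper_copies(known_file, search_roots):
    """Return (copies, lookalikes) as sorted lists of paths."""
    known = Path(known_file).resolve()
    size, digest = known.stat().st_size, sha256_of(known)
    copies, lookalikes = [], []
    for root in search_roots:
        for path in Path(root).rglob("*"):
            try:
                if not path.is_file() or path.resolve() == known:
                    continue
                # Compare sizes first so only plausible copies get hashed.
                if path.stat().st_size == size and sha256_of(path) == digest:
                    copies.append(path)  # same bytes under any name
                elif is_pe(path) and any(h in path.stem.lower() for h in DOC_HINTS):
                    lookalikes.append(path)  # executable named like a document
            except OSError:
                continue  # locked or unreadable file: skip it
    return sorted(copies), sorted(lookalikes)

def demo():
    # Constructed sample tree; the byte strings are placeholders, not malware.
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        (base / "Downloads").mkdir()
        (base / "Temp" / "x").mkdir(parents=True)
        launched = base / "Downloads" / "PDFBewerbungsmappe.exe"
        launched.write_bytes(b"MZ" + b"constructed-sample")
        (base / "Temp" / "x" / "a1b2.tmp").write_bytes(b"MZ" + b"constructed-sample")
        (base / "Temp" / "report_pdf.exe").write_bytes(b"MZ" + b"other")
        (base / "Temp" / "notes.pdf").write_bytes(b"%PDF-1.4 constructed")
        copies, lookalikes = find_dropper_copies(launched, [base / "Temp"])
        return [p.name for p in copies], [p.name for p in lookalikes]
```

On a real system, pass the path of the file you launched and the expanded %TEMP% directory to `find_dropper_copies`, and review the results before deleting anything.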
Windows XP
Windows Vista
Windows 7
Windows 8/8.1
Windows 10