Security researcher Michael Gillespie has created a decrypter that can recover files locked by the MIRCOP ransomware, without paying the ransom fee.
The MIRCOP ransomware appeared towards the end of June and had two unique features that made it stand apart from all the ransomware variants discovered each day.
One of them is its ransom note, which uses the masked Guy Fawkes figure, usually employed by Anonymous hackers. The ransom note has a threatening tone and tells the user to return stolen money or face payback, supposedly from the robbed Anonymous hacker.
The second feature was the exorbitant amount of money asked in the ransom note, which was 48.48 Bitcoin (~$32,000).
Three days after Trend Micro and security researcher Nyxbone revealed the presence of this new family, Gillespie had already put together a decrypter for this threat.
You can download the decrypter from here. Just unzip the file and run the application. The decrypter will leave the original encrypted files in place, just in case the decryption routine fails, so you can use it without fearing you’ll lose your original files.
Once the decryption ends, you’ll receive a notification message on your screen, like the one pictured below.
If you need help with the decrypter, Gillespie provides support for needy users on this Bleeping Computer forum thread.