Mich78 takes files to hostage and demands to pay the ransom

Mich78 is a recently discovered ransomware[1] virus that encrypts various documents, databases, and networks folders on the targeted computer. Victims are asked to contact criminals via mich98@usa.com or michael78@india.com email addresses to get detailed data recovery instructions.
Following data encryption, Mich78 virus delivers a ransom note called recovery.txt that includes personal victim’s ID and gives instructions what victims should do after the attack. Victims are told to send their ID and computer’s external IP address to one of the provided emails.
Cyber criminals promise to reply as soon as possible with detailed explanation what people need to do. However, this ransomware business runs traditionally. Victims have to pay the ransom in Bitcoins in order to obtain decryption software. However, the size of the payment is not revealed. It might be set individually based on the importance of encrypted files.
Authors of Mich78 ransomware gives a guarantee that they have working decryption software. They allow victims to send up to 3 files for free decryption. However, these records cannot be important, and their size cannot be bigger than 10 Mb.
According to crooks, attempts to recover files using other tools might lead to data loss. What is more, if hackers notice that you tried to avoid this rules and used additional software, the size of the ransom might increase. However, it’s just a psychological terror necessary for scaring victims and making them pay.
Keep in mind that paying the ransom might not end up as you expect.[2] Nevertheless, crooks may have decryption software; they might not allow you to use it after receiving the money. The purpose of ransomware is to get as much money as possible from the computer users. However, crooks may not be interested or simply too lazy to help you with data recovery. Thus, you should not listen to their threats and remove Mich78 with professional security software, such as FortectIntego.
Currently, the virus is under investigation. Thus, security experts haven’t created official decryption software yet. Thus, after Mich78 removal, you can recover your files from backups. Third-party software may help to get back some of your files as well. Alternative data recovery suggestions are presented at the end of the article.

Circulation of the file-encrypting virus
Typically, malware enters the system when user clicks, opens or downloads a malicious content. It might be a link, ad, program or infected email attachment. The main distribution channels of the ransomware are:
- obfuscated spam email attachments;
- malware-laden ads;
- bogus or illegal downloads;
- fake software updates;
- exploit kits.
In order to avoid Mich78 infiltration, you should not open suspicious emails and suspicious content attached to them. Moreover, you should stay away from aggressive ads and insecure file-sharing sites that might be spreading ransomware in the form of an illegal or fake program. Keeping software and operating system updated helps to protect your PC from ransomware too. However, you have to choose reliable sources for the updates.
Termination guidelines of the Mich78 virus
Mich78 removal has to be completed using powerful security software. We recommend deleting the virus using FortectIntego or SpyHunterCombo Cleaner. These two malware removal programs can eliminate the virus safely and protect your PC from other cyber threats in the future.
Trying to find and uninstall virus-related components manually may lead to irreparable damage to the system. According to Bedynet[3] researchers, home computer users usually do not have necessary skills to terminate malware manually. Such task can be properly completed by IT specialists only.
However, automatic elimination might be challenging. The virus might be resistant. Thus, you may need to reboot the computer to Safe Mode with Networking to run security software. The instructions below will show you how to deal with these issues and remove Mich78 automatically.
Was this guide helpful?
Be the first to comment