Mercury ransomware is a file-locking virus that promises the decryption key after the ransom is transferred

Mercury ransomware is a cryptolocker which uses the AES encryption algorithm[1] to lock various files such as images, videos, audios, text documents, databases, etc. This cyber threat can reach the computer system via phishing email messages and rogue content that comes attached together. After such illegitimate infiltration, .Mercury files ransomware modifies the Windows Registry and creates multiple new entries. Moreover, the virus ads the .Mercury extension to each blocked document. After the encryption process is finished, victims receive a ransom message !!!READ_IT!!!.txt. Cybercrooks ask for a specific amount of money in Bitcoin for the decryption tool. Furthermore, criminals provide the getmydata@india.com and mydataback@aol.com email addresses as a way to make contact and discuss all payment details.
| Name | Mercury |
|---|---|
| Type | Ransomware virus |
| Danger level | Very high. Locks files and turns them unusable, can have other dangerous abilities |
| Appendix | .Mercury |
| Ransom note | !!!READ_IT!!!.txt |
| Contacts given | getmydata@india.com, mydataback@aol.com |
| Other possible features | Disabling the antivirus, deleting shadow copies, eliminating files after encryption, etc. |
| Distribution sources | Spam messages, third-party networks |
| Removal process | Detect rogue content with FortectIntego and remove the virus |
Mercury virus might have a wide range of other damaging abilities such as:
- disabling the antivirus program;
- deleting shadow volume copies of locked files;
- stopping the Windows Recovery process;
- automatically terminating some documents after encryption;
- opening a path for other malware forms.[2]
As you see, Mercury ransomware might have various unpleasant abilities which might harm your computer system even more and the cyber threat will become even harder to get rid of. Furthermore, cybercriminals offer 1 file for free decryption to gain the victims' trust. However, you should NEVER believe in these people. If there is no rush and data recovery is not necessary at the moment, we suggest avoiding contact with the hackers and transferring any money to their accounts.
A better option would be to perform the Mercury ransomware removal by using strong and reliable anti-malware tools. Also, you can use a program such as FortectIntego or SpyHunterCombo Cleaner to detect all malware-laden components that might be hiding in your computer system. After the elimination is completed, you can start thinking about data recovery options. Our recommendation would be to take a look at the below-provided file restoring tools that might be helpful for this purpose.
Note that criminals who spread ransomware viruses always use strong encryption algorithms such as RSA, AES, or SHA. These codes are almost impossible to identify as they differ each time. Nevertheless, crooks store them on remote servers where the encryption and decryption keys are unreachable for any other people. However, remove Mercury virus and avoid unnecessary money losses by declining offers to pay the demanded ransom price.
According to cybersecurity experts from Virusai.lt,[3] it is advisable to store copies of important documents on remote devices such as USB flash drives or remote servers such as iCloud. This will allow you to protect all valuable files from the encryption of dangerous viruses such as Mercury ransomware. One more thing, if you decide to use a USB drive, make sure that you keep it unplugged from your machine when it is out of use.

Tricky emails might distribute ransomware
Cybercriminals often send tricky emails to their victims. For example, the crooks might send a message that is an imitation of a letter that came from a worldwide company such as eBay. This way victims easily get convinced to open the email message and attachments that are clipped to it. However, this might relate in the secret installation of malware. You can prevent such activity by avoiding opening emails that you were not expecting to receive recently.
Moreover, ransomware viruses can be distributed thru some third-party networks such as Torrents.[4] As these websites come improperly disclosed, they do not fit the security requirements and often lack recommended protection. Stay away from all non-original pages and eliminate all suspicious ones you enter. Moreover, be careful whenever you perform browsing activity – do not click on questionable hyperlinks, do not download unknown programs, etc.
Terminate Mercury ransomware from the system permanently
Spotting files with the .Mercury appendix means that your documents are locked by the ransomware virus. If you want to reverse such changes, first you need to remove Mercury virus from your computer system and get rid of malware-related components. For such purpose, use only reputable and expert-tested anti-malware software as other options are not available for this case – ransomware is too hard to terminate on your own.
After you perform the Mercury ransomware removal, refresh the entire computer system to make sure that all hazardous components were disabled. Also, do not forget to stay cautious to avoid similar infections in the future. Remember to take care of all valuable data by storing copies of it on remote servers or devices. Once the elimination is finished, take a look out our below-given data recovery third-party software.
Was this guide helpful?
Be the first to comment