Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Dec 2018

How to remove Mercury ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Linas Kiguolis · Expert in social media

Mercury ransomware is a file-locking virus that promises the decryption key after the ransom is transferred

Mercury ransomware

Mercury ransomware is a cryptolocker which uses the AES encryption algorithm[1] to lock various files such as images, videos, audios, text documents, databases, etc. This cyber threat can reach the computer system via phishing email messages and rogue content that comes attached together. After such illegitimate infiltration, .Mercury files ransomware modifies the Windows Registry and creates multiple new entries. Moreover, the virus ads the .Mercury extension to each blocked document. After the encryption process is finished, victims receive a ransom message !!!READ_IT!!!.txt. Cybercrooks ask for a specific amount of money in Bitcoin for the decryption tool. Furthermore, criminals provide the getmydata@india.com and mydataback@aol.com email addresses as a way to make contact and discuss all payment details.

Name Mercury
Type Ransomware virus
Danger level Very high. Locks files and turns them unusable, can have other dangerous abilities
Appendix .Mercury
Ransom note !!!READ_IT!!!.txt
Contacts given getmydata@india.com,  mydataback@aol.com
Other possible features Disabling the antivirus, deleting shadow copies, eliminating files after encryption, etc.
Distribution sources Spam messages, third-party networks
Removal process Detect rogue content with FortectIntego and remove the virus

Mercury virus might have a wide range of other damaging abilities such as:

  • disabling the antivirus program;
  • deleting shadow volume copies of locked files;
  • stopping the Windows Recovery process;
  • automatically terminating some documents after encryption;
  • opening a path for other malware forms.[2]

As you see, Mercury ransomware might have various unpleasant abilities which might harm your computer system even more and the cyber threat will become even harder to get rid of. Furthermore, cybercriminals offer 1 file for free decryption to gain the victims' trust. However, you should NEVER believe in these people. If there is no rush and data recovery is not necessary at the moment, we suggest avoiding contact with the hackers and transferring any money to their accounts.

A better option would be to perform the Mercury ransomware removal by using strong and reliable anti-malware tools. Also, you can use a program such as FortectIntego or SpyHunterCombo Cleaner to detect all malware-laden components that might be hiding in your computer system. After the elimination is completed, you can start thinking about data recovery options. Our recommendation would be to take a look at the below-provided file restoring tools that might be helpful for this purpose.

Note that criminals who spread ransomware viruses always use strong encryption algorithms such as RSA, AES, or SHA. These codes are almost impossible to identify as they differ each time. Nevertheless, crooks store them on remote servers where the encryption and decryption keys are unreachable for any other people. However, remove Mercury virus and avoid unnecessary money losses by declining offers to pay the demanded ransom price.

According to cybersecurity experts from Virusai.lt,[3] it is advisable to store copies of important documents on remote devices such as USB flash drives or remote servers such as iCloud. This will allow you to protect all valuable files from the encryption of dangerous viruses such as Mercury ransomware. One more thing, if you decide to use a USB drive, make sure that you keep it unplugged from your machine when it is out of use.

Mercury ransomware virus

Tricky emails might distribute ransomware

Cybercriminals often send tricky emails to their victims. For example, the crooks might send a message that is an imitation of a letter that came from a worldwide company such as eBay. This way victims easily get convinced to open the email message and attachments that are clipped to it. However, this might relate in the secret installation of malware. You can prevent such activity by avoiding opening emails that you were not expecting to receive recently.

Moreover, ransomware viruses can be distributed thru some third-party networks such as Torrents.[4] As these websites come improperly disclosed, they do not fit the security requirements and often lack recommended protection. Stay away from all non-original pages and eliminate all suspicious ones you enter. Moreover, be careful whenever you perform browsing activity – do not click on questionable hyperlinks, do not download unknown programs, etc.

Terminate Mercury ransomware from the system permanently

Spotting files with the .Mercury appendix means that your documents are locked by the ransomware virus. If you want to reverse such changes, first you need to remove Mercury virus from your computer system and get rid of malware-related components. For such purpose, use only reputable and expert-tested anti-malware software as other options are not available for this case – ransomware is too hard to terminate on your own.

After you perform the Mercury ransomware removal, refresh the entire computer system to make sure that all hazardous components were disabled. Also, do not forget to stay cautious to avoid similar infections in the future. Remember to take care of all valuable data by storing copies of it on remote servers or devices. Once the elimination is finished, take a look out our below-given data recovery third-party software.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.