Mercury ransomware (Improved Guide) - Bonus: Decryption Steps
Mercury virus Removal Guide
What is Mercury ransomware?
Mercury ransomware is a file-locking virus that promises the decryption key after the ransom is transferred
Mercury ransomware is a file locking virus which uses AES encryption to block documents on the infected PC.
Mercury ransomware is a cryptolocker which uses the AES encryption algorithm to lock various files such as images, videos, audios, text documents, databases, etc. This cyber threat can reach the computer system via phishing email messages and rogue content that comes attached together. After such illegitimate infiltration, .Mercury files ransomware modifies the Windows Registry and creates multiple new entries. Moreover, the virus ads the .Mercury extension to each blocked document. After the encryption process is finished, victims receive a ransom message !!!READ_IT!!!.txt. Cybercrooks ask for a specific amount of money in Bitcoin for the decryption tool. Furthermore, criminals provide the firstname.lastname@example.org and email@example.com email addresses as a way to make contact and discuss all payment details.
|Danger level||Very high. Locks files and turns them unusable, can have other dangerous abilities|
|Contacts firstname.lastname@example.org, email@example.com|
|Other possible features||Disabling the antivirus, deleting shadow copies, eliminating files after encryption, etc.|
|Distribution sources||Spam messages, third-party networks|
|Removal process||Detect rogue content with RestoroIntego and remove the virus|
Mercury virus might have a wide range of other damaging abilities such as:
- disabling the antivirus program;
- deleting shadow volume copies of locked files;
- stopping the Windows Recovery process;
- automatically terminating some documents after encryption;
- opening a path for other malware forms.
As you see, Mercury ransomware might have various unpleasant abilities which might harm your computer system even more and the cyber threat will become even harder to get rid of. Furthermore, cybercriminals offer 1 file for free decryption to gain the victims' trust. However, you should NEVER believe in these people. If there is no rush and data recovery is not necessary at the moment, we suggest avoiding contact with the hackers and transferring any money to their accounts.
A better option would be to perform the Mercury ransomware removal by using strong and reliable anti-malware tools. Also, you can use a program such as RestoroIntego or SpyHunter 5Combo Cleaner to detect all malware-laden components that might be hiding in your computer system. After the elimination is completed, you can start thinking about data recovery options. Our recommendation would be to take a look at the below-provided file restoring tools that might be helpful for this purpose.
Note that criminals who spread ransomware viruses always use strong encryption algorithms such as RSA, AES, or SHA. These codes are almost impossible to identify as they differ each time. Nevertheless, crooks store them on remote servers where the encryption and decryption keys are unreachable for any other people. However, remove Mercury virus and avoid unnecessary money losses by declining offers to pay the demanded ransom price.
According to cybersecurity experts from Virusai.lt, it is advisable to store copies of important documents on remote devices such as USB flash drives or remote servers such as iCloud. This will allow you to protect all valuable files from the encryption of dangerous viruses such as Mercury ransomware. One more thing, if you decide to use a USB drive, make sure that you keep it unplugged from your machine when it is out of use.
Mercury ransomware is a dangerous cyber threat which enters the system thru rogue email messages and their attachments.
Tricky emails might distribute ransomware
Cybercriminals often send tricky emails to their victims. For example, the crooks might send a message that is an imitation of a letter that came from a worldwide company such as eBay. This way victims easily get convinced to open the email message and attachments that are clipped to it. However, this might relate in the secret installation of malware. You can prevent such activity by avoiding opening emails that you were not expecting to receive recently.
Moreover, ransomware viruses can be distributed thru some third-party networks such as Torrents. As these websites come improperly disclosed, they do not fit the security requirements and often lack recommended protection. Stay away from all non-original pages and eliminate all suspicious ones you enter. Moreover, be careful whenever you perform browsing activity – do not click on questionable hyperlinks, do not download unknown programs, etc.
Terminate Mercury ransomware from the system permanently
Spotting files with the .Mercury appendix means that your documents are locked by the ransomware virus. If you want to reverse such changes, first you need to remove Mercury virus from your computer system and get rid of malware-related components. For such purpose, use only reputable and expert-tested anti-malware software as other options are not available for this case – ransomware is too hard to terminate on your own.
After you perform the Mercury ransomware removal, refresh the entire computer system to make sure that all hazardous components were disabled. Also, do not forget to stay cautious to avoid similar infections in the future. Remember to take care of all valuable data by storing copies of it on remote servers or devices. Once the elimination is finished, take a look out our below-given data recovery third-party software.
Getting rid of Mercury virus. Follow these steps
Manual removal using Safe Mode
Disable the virus's activity by using Safe Mode with Networking. Activate this option by performing below-given steps:
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Remove Mercury using System Restore
Turn on the System Restore function to disable the ransomware virus by following these instructions:
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and click Enter.
- Now type rstrui.exe and press Enter again..
- When a new window shows up, click Next and select your restore point that is prior the infiltration of Mercury. After doing that, click Next.
- Now click Yes to start system restore.
Bonus: Recover your dataGuide which is presented above is supposed to help you remove Mercury from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
If your files were encrypted by the ransomware virus, you can try recovering them by performing our provided methods.
If your files are encrypted by Mercury, you can use several methods to restore them:
Use Data Recovery Pro for file restoring purposes:
This tool can truly be helpful if used as required.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Mercury ransomware;
- Restore them.
Windows Previous Versions feature might recover locked files:
If you have enabled the System Restore function in the past, you can give this method a try.
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
Try Shadow Explorer to recover some data:
The Shadow Explorer tool might be truly helpful for data recovery purposes, however, make sure that Mercury ransomware did not damage or delete Shadow Volume Copies of locked files.
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow a Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
No official Mercury ransomware decryptor has been released yet.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Mercury and other ransomwares, use a reputable anti-spyware, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
- ^ Advanced Encryption Standard. Wikipedia. The free encyclopedia.
- ^ Roger A. Grimes. 8 types of malware and how to recognize them. CSO online. From IDG.
- ^ Virusai.lt. Virusai. Cybersecurity news page.
- ^ Vignesh Krishnasamy. What are torrents?. Quora. Worldwide questions and answers.