Mole66 Ransomware Removal Guide

Do you know what Mole66 Ransomware is?

Mole66 Ransomware is the newest variant in the Mole Ransomware family, which derives from another well-known infection, CryptoMix Ransomware. The infection keeps reemerging with a facelift; however, in reality, not much changes. In fact, our research team reports that the different versions of this malware can be told apart by the email addresses shown in the ransom notes and by the extensions appended to the encrypted files. Beyond that, all variants of this malware function in the same way. First, they need to slither into the operating system, and they are likely to do that via malicious spam emails or via vulnerabilities that exist in unprotected operating systems. Once in, they immediately move on to encrypting files. In this report, we explain how this malware operates, and we discuss the removal of Mole66 Ransomware specifically.

Just like Mole02 Ransomware or Mole03 Ransomware, the malicious Mole66 Ransomware was created for the purpose of encrypting files and demanding a ransom. If it accesses the operating system, it creates a copy of itself first. The file is created in the %ALLUSERSPROFILE% directory, its name has 10 random characters, and it is linked to a point of execution (PoE) in the Windows Registry. You can find the PoE in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce. Then, the infection deletes shadow volume copies using the '/C vssadmin.exe delete shadows /all /quiet' command, which ensures that recovering files manually from those copies is not possible. When it comes to the encryption, Mole66 Ransomware encrypts files in all folders except %WINDIR%, %PROGRAMFILES%, and %PROGRAMFILES(x86)%. When a file is encrypted, its name is encrypted as well, and the unique “.MOLE66” extension is added to the name. Once files are encrypted successfully, the ransom note is delivered via a file named “_HELP_INSTRUCTIONS_.TXT,” which is placed in every affected folder.

According to the message delivered via the “_HELP_INSTRUCTIONS_.TXT” file, users can decrypt their files if they agree to email alpha2018a@aol.com. It also warns that moving or deleting files is a bad idea. Users have 3 days to send a unique ID number to this email to get further instructions. Without a doubt, you would be asked to pay a ransom if you emailed the creators of Mole66 Ransomware. Doing that is not advised because cyber criminals are not known for keeping their promises or helping their victims. According to our research team, free decryptors have been created for other Mole Ransomware variants in the past; however, we cannot guarantee that one will appear for this version as well. All in all, paying the ransom is not recommended at all, and, hopefully, your files are backed up externally so that you can retrieve them after you delete Mole66 Ransomware.

The instructions below can help you remove Mole66 Ransomware manually, but you need to know where the launcher file is. If you are not experienced, erasing this devious infection manually can be a challenge, which is why we advise installing anti-malware software instead. You really should think about this option because you want the full-time protection that this software can provide. If you have any questions about the removal of this devious infection, our research team is ready to answer them all. You can communicate with us via the comments section.

Remove Mole66 Ransomware

  1. Find and delete the malicious {unknown name}.exe launcher file.
  2. Tap keys Win+E to launch Windows Explorer.
  3. Enter %ALLUSERSPROFILE% into the bar at the top.
  4. Delete the copy of the launcher, {10 random characters}.exe.
  5. Tap keys Win+R to launch RUN and then enter regedit.exe into the dialog box.
  6. In Registry Editor, move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  7. Delete the value ({10 random characters}) that represents the ransomware file.
  8. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce and repeat step 7.
  9. Delete all copies of the ransom note file, _HELP_INSTRUCTIONS_.TXT.
  10. Empty the Recycle Bin and then complete a full system scan to check that the system is clean.
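The behaviour described in the report (launcher copy in %ALLUSERSPROFILE%, Run/RunOnce point of execution, ".MOLE66" files, "_HELP_INSTRUCTIONS_.TXT" notes, deleted shadow copies) and the manual steps above can be checked from an elevated PowerShell session before anything is deleted. The script below is an added example written for this guide; it is not code from the original page. The function names, the -Root and -MaxHits parameters, and the assumption that the 10 random characters are alphanumeric are this example's own choices. The triage function only reads; the removal helper covers steps 6 to 8 and honours -WhatIf.

```powershell
# Added example (not from the original guide): read-only triage for the Mole66
# indicators described above, plus a -WhatIf-capable helper for the registry step.

function Get-Mole66Findings {
    [CmdletBinding()]
    param(
        # Folder tree to scan for encrypted files and ransom notes (default: the current user's profile).
        [string]$Root = $env:USERPROFILE,
        # Cap on reported file hits per category so the output stays readable.
        [int]$MaxHits = 20
    )

    $ext      = '.MOLE66'                   # extension appended to encrypted files (from the guide)
    $noteName = '_HELP_INSTRUCTIONS_.TXT'   # ransom note dropped in every affected folder (from the guide)
    $copyDir  = $env:ALLUSERSPROFILE        # where the launcher copy is created (from the guide)
    $runKeys  = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
    $namePattern = '[A-Za-z0-9]{10}'        # assumption: the 10 random characters are alphanumeric

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Type, [string]$Path, [string]$Name, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Type = $Type; Path = $Path; Name = $Name; Detail = $Detail })
    }

    # 1. Run/RunOnce values whose command launches <ALLUSERSPROFILE>\<10 chars>.exe (optionally quoted).
    $poePattern = '^"?' + [regex]::Escape($copyDir) + '\\' + $namePattern + '\.exe"?'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not registry values
            if ($prop.Value -is [string] -and $prop.Value -match $poePattern) {
                Add-Finding 'RunKeyValue' $key $prop.Name $prop.Value
            }
        }
    }

    # 2. The launcher copy itself: a 10-character .exe directly under %ALLUSERSPROFILE%.
    Get-ChildItem -Path $copyDir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match "^$namePattern$" } |
        ForEach-Object { Add-Finding 'LauncherCopy' $_.DirectoryName $_.Name "$($_.Length) bytes, modified $($_.LastWriteTime)" }

    # 3. Encrypted files and ransom notes under -Root, skipping the folders the guide says are left alone.
    $excluded = @($env:WINDIR, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $files = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $full = $_.FullName
            -not ($excluded | Where-Object { $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        }
    $files | Where-Object { $_.Extension -eq $ext } | Select-Object -First $MaxHits |
        ForEach-Object { Add-Finding 'EncryptedFile' $_.DirectoryName $_.Name "modified $($_.LastWriteTime)" }
    $files | Where-Object { $_.Name -eq $noteName } | Select-Object -First $MaxHits |
        ForEach-Object { Add-Finding 'RansomNote' $_.DirectoryName $_.Name "modified $($_.LastWriteTime)" }

    # 4. Shadow copies: the guide reports the infection runs "vssadmin delete shadows /all /quiet".
    $shadowCount = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
    if ($shadowCount -eq 0) {
        Add-Finding 'NoShadowCopies' 'Win32_ShadowCopy' '' 'no shadow copies present (consistent with deletion; also normal on hosts that never had any)'
    }

    return $findings
}

# Removes a confirmed Run/RunOnce value (guide steps 6 to 8). Supports -WhatIf and -Confirm.
function Remove-Mole66PointOfExecution {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory, ValueFromPipeline)] [pscustomobject]$Finding)
    process {
        if ($Finding.Type -ne 'RunKeyValue') { return }
        if ($PSCmdlet.ShouldProcess("$($Finding.Path)\$($Finding.Name)", 'Remove registry value')) {
            Remove-ItemProperty -Path $Finding.Path -Name $Finding.Name
        }
    }
}

# Usage:
#   $hits = Get-Mole66Findings -Root $env:USERPROFILE
#   $hits | Format-Table -AutoSize
#   $hits | Remove-Mole66PointOfExecution -WhatIf   # preview; drop -WhatIf after steps 1 to 4 are done
```

Run the triage first and review every hit: a 10-character .exe under %ALLUSERSPROFILE% or an empty shadow-copy list is suggestive rather than conclusive on its own, and the registry value should only be removed once the launcher and its copy (steps 1 to 4) have actually been deleted, so the entry cannot be recreated on the next logon.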

In non-techie terms:

Mole66 Ransomware is a real pest. If it finds its way in, it encrypts your files without you even knowing it. When the time comes, a ransom note file is created, and, according to it, you need to email cyber criminals. If you do that, you are potentially opening yourself up to malware installers and other scams. Of course, cyber criminals want you to establish communication primarily so that they can ask you to pay a ransom. Doing that is a terrible idea, and we recommend against it. Ultimately, whatever you do, and whatever happens to your files (whether or not you are able to decrypt or recover them), you want to delete Mole66 Ransomware as soon as possible. The instructions above show how to erase this malware manually. That is not your only option. You can also install anti-malware software, and that is what we recommend because, besides automatically cleaning malware off your PC, it can also provide full-time protection.