This week, experienced security specialists has received reports of yet another ransomware named Mole66. This ransomware spreads via spam emails and malware files and appends the MOLE66 extension to encrypted files.
The Mole66 is a ransomware, which made to encrypt the documents, photos and music found on infected PC system using a hybrid encryption mode, adding the MOLE66 extension to all encrypted files. It can encrypt almost types of files, including the following:
.avi, .wire, .arch00, .bkp, .wsc, .js, .xx, .t13, .wpb, .wpe, .xlgc, .wav, .indd, .2bp, .menu, .esm, .vfs0, .xll, .7z, .wbmp, .pptm, .der, .nrw, .wp6, .xlsx, .odt, .orf, .apk, .bc7, .sum, .mlx, .vdf, .rtf, .d3dbsp, .ods, .sidn, .tor, .xyp, .zw, .iwi, .lrf, .qic, .dba, .xar, .xf, .csv, .upk, .map, .docx, .xlsb, .mdf, .xpm, .txt, .dazip, .mp4, .wbc, .wp4, .ncf, .hkx, .pst, .odm, .x3d, .wmv, .raf, .fsh, .erf, .ysp, .vtf, .webdoc, .wgz, .gdb, .zi, .3dm, .ff, .pdf, .mdb, .wotreplay, .odc, .p7c, .mpqge, .wps, .wpw, .cdr, .flv, .xy3, .sr2, .ibank, .1st, .wdp, .wpa, .0, .hkdb, .hvpl, .xxx, .mef, .wbz, .bar, .xbplate, .desc, .gho, .webp, .blob, .x3f, .qdf, .mddata, .eps, .3ds, .cr2, .xls, .wdb, .sie, .pkpass, .mov, .zif, .rar, .litemod, .jpeg, .wp5, .sidd, .yal, .psd, .kdc, .epk, .rgss3a, .xlsx, .zip, .bkf, .bay, .xlsm, .raw, .zdc, .wmd, .arw, .yml, .w3x, .lbf, .zabw, .cer, .big, .jpg, .icxs, .pptx, .dwg, .xld, .re4, .xwp, .3fr, .m2, .p7b, .x3f, .wsh, .xdl, .ws, .x, .dbf, .forge, .wb2, .wcf, .asset, .rb, .dxg, .wp, .accdb, .wmf, .xml, .css, .ltx, .wpt, .pef, .pem, .png, .sid, .wmv, .sav, .m4a, .p12, .crt, .vpk, .srw, .vcf, .kdb, .bc6, .mdbackup, .xbdoc, .vpp_pc, .pfx, .cfr, wallet, .wri, .db0, .bik, .bsa, .ybk, .lvl, .layout, .slm, .svg, .crw, .doc, .dng, .wmo, .ppt, .syncdb, .ntl, .xmmap, .tax, .r3d, .wps, .wp7, .xdb, .zip, .py, .docm, .1
When the ransomware virus encrypts a file, it will change filename and add the MOLE66 extension to each encrypted file. Once the ransomware virus finished enciphering of all photos, documents and music, it will drop a file called “_HELP_INSTRUCTIONS_.TXT” with ransom instructions on how to decrypt all photos, documents and music. An example of the ransomnote is:
!!!All your files are encrypted!!!
What to decipher write on mail email@example.com
Do not move or delete files!!!!
—- Your ID: —-
!!! You have 3 days otherwise you will lose all your data.!!!
If your files have been encrypted by the Mole66 virus, We suggests: do not to pay the ransom. If this malware make money for its makers, then your payment will only increase attacks against you. Of course, decryption without the private key is not feasible, but that does not mean that the Mole66 ransomware virus must seriously disrupt your live. The free utilities listed below can be used to scan for and remove this ransomware virus and prevent any further damage. After that you can recover encrypted photos, documents and music from their Shadow Copies or using file recover utility.
Therefore it is very important to follow the step-by-step guide below sooner. The step-by-step guide will help you to remove Mole66 ransomware. What is more, the steps below will allow you restore encrypted documents, photos and music for free.
Table of contents
- What is Mole66 virus
- How to decrypt .MOLE66 files
- How to remove Mole66 virus
- How to restore .MOLE66 files
- How to prevent your computer from becoming infected by Mole66 ransomware virus?
- To sum up
How to decrypt .MOLE66 files
Currently there is no available solution to decrypt MOLE66 files, but you have a chance to recover encrypted documents, photos and music for free. The ransomware uses a strong encryption mode that means that decrypt your files is impossible without the private key. Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the makers of the Mole66 ransomware virus entire amount requested – the only method to try to get the decryption key and decrypt all your files.
There is absolutely no guarantee that after pay a ransom to the makers of the Mole66 virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.
How to remove Mole66 virus
Manual removal does not always allow to completely remove the Mole66 virus, as it is not easy to identify and remove components of ransomware virus and all malicious files from hard disk. Therefore, it is recommended that you use malware removal tool to completely remove Mole66 ransomware virus off your PC system. Several free malware removal utilities are currently available that can be used against the ransomware. The optimum solution would be to run Zemana Anti-malware, Malwarebytes Free and Kaspersky Virus Removal Tool.
Automatically get rid of Mole66 with Zemana Anti-malware
Zemana Anti-malware highly recommended, because it can look for security threats such Mole66 virus, adware and other malicious software which most ‘classic’ antivirus software fail to pick up on. Moreover, if you have any Mole66 removal problems which cannot be fixed by this tool automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.
Click the link below to download Zemana AntiMalware. Save it to your Desktop so that you can access the file easily.
Author: Zemana Ltd
Category: Security tools
Update: February 14, 2019
When the downloading process is finished, close all software and windows on your personal computer. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup as displayed in the following example.
When the installation begins, you will see the “Setup wizard” that will help you set up Zemana Anti-Malware (ZAM) on your PC.
Once setup is complete, you will see window as shown on the screen below.
Now click the “Scan” button . Zemana tool will begin scanning the whole system to find out Mole66 virus and other kinds of potential threats like malicious software and PUPs. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your PC system. While the Zemana Anti-Malware is checking, you can see how many objects it has identified either as being malware.
Once the scan get completed, a list of all threats found is prepared. Review the scan results and then click “Next” button.
The Zemana will delete Mole66 ransomware and other kinds of potential threats such as malware and PUPs and add threats to the Quarantine.
Scan and free your machine of ransomware with Malwarebytes
We advise using the Malwarebytes Free. You can download and install Malwarebytes to detect and remove Mole66 ransomware virus from your computer. When installed and updated, the free malware remover will automatically scan and detect all threats present on the personal computer.
Download MalwareBytes on your Windows Desktop by clicking on the link below.
Category: Security tools
Update: February 5, 2019
After the downloading process is finished, run it and follow the prompts. Once installed, the MalwareBytes will try to update itself and when this procedure is finished, press the “Scan Now” button to detect Mole66 ransomware and other kinds of potential threats such as malware and PUPs. This task may take some time, so please be patient. While the utility is scanning, you can see how many objects and files has already scanned. Review the results once the utility has complete the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click “Quarantine Selected” button.
The MalwareBytes Anti Malware (MBAM) is a free program that you can use to delete all detected folders, files, services, registry entries and so on. To learn more about this malware removal utility, we advise you to read and follow the instructions or the video guide below.
Run KVRT to delete Mole66 virus from the personal computer
KVRT is a free removal utility that may be downloaded and use to get rid of viruss, adware, malicious software, PUPs, toolbars and other threats from your PC. You can use this tool to find threats even if you have an antivirus or any other security application.
Download Kaspersky virus removal tool (KVRT) on your Windows Desktop by clicking on the following link.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the download is finished, double-click on the KVRT icon. Once initialization process is complete, you’ll see the KVRT screen as shown on the image below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to perform a system scan with this tool for the Mole66 ransomware virus and other malware. This task may take quite a while, so please be patient. While the KVRT is scanning, you can see how many objects it has identified either as being malware.
After the scan is finished, you will be opened the list of all detected items on your computer as on the image below.
In order to delete all threats, simply press on Continue to begin a cleaning task.
How to restore .MOLE66 files
In some cases, you can recover files encrypted by Mole66 ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted photos, documents and music.
Restore .MOLE66 files with ShadowExplorer
The Microsoft Windows has a feature called ‘Shadow Volume Copies’ that can help you to restore .MOLE66 files encrypted by the ransomware virus. The way described below is only to recover encrypted photos, documents and music to previous versions from the Shadow Volume Copies using a free tool called the ShadowExplorer.
Please go to the link below to download the latest version of ShadowExplorer for Microsoft Windows. Save it to your Desktop so that you can access the file easily.
Category: Security tools
Update: February 27, 2018
Once downloading is complete, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder like below.
Launch the ShadowExplorer utility and then choose the disk (1) and the date (2) that you wish to recover the shadow copy of file(s) encrypted by the Mole66 ransomware virus as on the image below.
Now navigate to the file or folder that you wish to recover. When ready right-click on it and press ‘Export’ button as displayed on the screen below.
Recover .MOLE66 files with PhotoRec
Before a file is encrypted, the Mole66 virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file recover software such as PhotoRec.
Download PhotoRec from the link below. Save it directly to your Windows Desktop.
Category: Security tools
Update: March 1, 2018
When downloading is done, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the screen below.
Double click on qphotorec_win to run PhotoRec for Windows. It will open a screen as shown on the screen below.
Select a drive to recover like below.
You will see a list of available partitions. Select a partition that holds encrypted personal files like below.
Click File Formats button and specify file types to recover. You can to enable or disable the recovery of certain file types. When this is done, click OK button.
Next, click Browse button to select where recovered files should be written, then click Search.
Count of restored files is updated in real time. All restored documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is finished, click on Quit button. Next, open the directory where recovered photos, documents and music are stored. You will see a contents as displayed on the screen below.
All recovered personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to prevent your computer from becoming infected by Mole66 ransomware virus?
Most antivirus applications already have built-in protection system against the ransomware. Therefore, if your system does not have an antivirus program, make sure you install it. As an extra protection, use the CryptoPrevent.
Run CryptoPrevent to protect your machine from Mole66 virus
Download CryptoPrevent on your Windows Desktop by clicking on the following link.
Run it and follow the setup wizard. Once the installation is finished, you’ll be shown a window where you can choose a level of protection, as shown in the following example.
Now click the Apply button to activate the protection.
To sum up
Once you’ve done the step-by-step guidance outlined above, your machine should be clean from Mole66 ransomware virus and other malware. Your computer will no longer encrypt your documents, photos and music. Unfortunately, if the steps does not help you, then you have caught a new ransomware, and then the best way – ask for help in our Spyware/Malware removal forum.