Threat Management

MIRCOP ransomware blames victim for attack, demands $28K ransom

A cybercriminal gang has initiated what could possibly be one of the most self-defeating ransomware campaigns on record that not only blames the victim for the attack, but demands a ransom of $28,000 and then refuses to tell the victim how to pay the ransom.

Trend Micro's Threat Response Engineer Jaaziel Carlos detailed the group's efforts to push the MIRCOP crypto-ransomware, detected as RANSOM_MIRCOP.A, writing in a blog that the victim is first presented with a ransom note, complete with scary Guy Fawkes image, that accuses the victim of having stolen 48.48 bitcoins (about $28,730) from the attacker and demands repayment in order to free the locked files. Carlos said this is among the highest ransoms seen by Trend Micro.


So far Trend Micro has not seen any payments made to the MIRCON gang, which makes sense because the bad guys also don't supply instructions on how to purchase Bitcoin, which is a staple with most ransomware attacks.

“Unlike other ransomware notes where victims are instructed step-by-step on how to make the payment, MIRCOP suggests that the victim is familiar with making bitcoin transactions,” Carlos wrote.

The malware is delivered through a spam email attachment that presents itself as a customs form from Thailand. In reality it is a macro enable document that uses Windows PowerShell to execute the download.

In addition to encrypting files, MIRCOP is also able to swipe a variety of login credential for browsers and social media sites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.