File Extension: .MOLE01
File name: _HELP_INSTRUCTION.TXT
All your files are encrypted with RSA2048 and AES128 ciphers.
More information about the RSA and AES can be found here:
Decrypting your files is only possible with the private key and decrypts programs, which is on our secret server.
Follow these steps:
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar:
4. Follow the instructions on the site.
!_! Your DECRYPT-ID: 2c644747-0caa-401e-8c02-96f2268c5761 !_!
One user computer was encrypted, and then the shared folders that the user had access to were also encrypted. Malwarebytes removed the infected files, and I only grabbed the name of one before it was quarantined - I was a bit panicked and didn't think to save them. File was located at %appdata%\Roaming\BCDEDEC2584.EXE. Malwarebytes labeled that as Ransom.GlobeImposter.
When ID'ing the ransomware I'm told that it's CryptoMix Revenge, but the file extensions don't seem to match up.
I can't find much about the .MOLE01 extension, just the .MOLE and the .MOLE02 extensions. I attempted to run the MOLE02 decryption software from this site and attempted to use the decryption software from cert.pl but that didn't work either.
I'm currently recovering from the limited backups that they have and hoping I've overlooked an already discovered decryption method.