What is Mermaid Ransomware
Mermaid ransomware (alt. name is Deniz Kızı) is another ransomware virus that penetrates the user’s PC without its consent and knowledge. After that, the ransomware encrypts user data using TR1224, which makes the files unsuitable for further use, reading, editing, and so on. Also, it is worth noting that the cryptovirus can delete shadow copies of files and system restore points in order to prevent you from recovering files using special utilities or standard OS services.
At present, a genealogical relationship with any ransomware family has not been established. Speaking about the distribution period, we note that Mermaid ransomware began to spread actively in mid-December 2019, and in just a few days, users from all over the world began to complain that Mermaid ransomware had encrypted their data. Also, it is worth noting that the virus changes the file extension to .Deniz_Kızı, which makes them permanently unusable. Below we have posted the image and content of a scam note Please Read Me!!!.hta that contains information about the ransom methods.
FILES ARE ENCRYPTED:
Hello! All your documents, photos, databases and other important files are ENCRYPTED! Do you really want to restore your files?
If you want to unlock your data, you need to buy special decoding software!
Write to our email – yardimail1@aol.com If you do not receive a reply within 24 hours, write to our additional email address – yardimail2@aol.com
We”ll send you a complete instruction on how to decrypt all your files.
=================================================
* WHAT SHOULD I DO ??=================================================
First of all your files are NOT DAMAGED!
Your files have been modified and encrypted with the TR1224 double encryption algorithm.
This change is reversible. The only way to decrypt your files is to purchase the decipher tool that is special to you.
Any attempt to irreversibly corrupt your files, and attempting to restore them with third-party software will be fatal to your files.
=================================================
* SO MY FILES WILL RETURN TO THE OLD STATE AND HOW SHOULD I PAY ???=================================================
To decode the password you have to buy our special decoding tool, we already said that.
and the deciphering tool costs $ 400, you will pay by bitcoin and you must contact us for payment.
Once the payment is made, we will send you the special decoding tool by email.
and it is enough to run the.
=================================================
* FREE DECRYPT FILE!!! =================================================
Free decryption as warranty!
If you don”t believe in our service and want to see proof, you can ask us about the test for decryption.
You send us up to 2 encrypted files.
Use the file sharing service and Win-Rar to send files for testing. Files must be smaller than 1 MB (unarchived) and Files should not matter! Do not send us databases, backups or large excells. Files etc. We will decrypt and send back your decrypted files as proof!
=================================================
* HOW TO BUY BITCOINS ???=================================================
Bitcoins have two simple ways:
Link1: https://exmo.me/en/support#/1_3
Link2: https://localbitcoins.net/guides/how-to-buy-bitcoins
Read the information in these links carefully, because you may need to buy even large quantities.
Note: Use translation for Turkish source.
=================================================
!!! ATTENTION !!! =================================================
!!! If you do not pay within 2 days, you will not be able to recover your files forever.
!!! Do not rename encrypted files.
!!! Do not attempt to decrypt your data using third-party software, as this may cause permanent data loss.
!!! Unraveling your files with the help of third parties can lead to increased prices and don”t trust anyone even your dog.
=================================================
* THE KEY REQUIRED FOR THE DECRYPT TOOL =================================================
Don”t change these 2 key decryption tool for this 2 key required !!!
and please note that these 2 keys are encrypted with the AES-256 encryption system.
Key1:
/RzxA7VCvifE4Hjm8/5IhRLZhFWzP3LzQambUINoFxgs2DAzHjW1w4lW2Uj/YaQiQ***
Key2:
6ilaoa4uQh2q75heZdPCqMk4Ipnz3eBwk/22hxM95c3Tdzb0ZyTzO4ZzBJuN0mSIf***
=================================================
The note contains email addresses and other contacts for contacting cybercriminals. They also offer the user free decryption of 2 files, however, remember that this is just a tricky trick. The main task of scammers is to make you pay a ransom of $400 and there are no guarantees that after fulfilling their conditions your files will be returned to their original condition. We highly recommend that you use our recommendations and instructions to delete Mermaid ransomware and decrypt .Deniz_Kızı files.
Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove Mermaid ransomware manually without a specialist’s help.
Mermaid Removal Guide
Remember that you need to remove Mermaid Ransomware first and foremost to prevent further encryption of your files before the state of your data becomes totally useless. And only after that, you can start recovering your files. Removal must be performed according to the following steps:
- Download Mermaid Removal Tool.
- Remove Mermaid from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- Restore .Mermaid files
- How to protect PC from future infections.
How to remove Mermaid ransomware automatically:
Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.
Alternative solution – Malwarebytes
This program will find malicious files, hijackers, adware, potentially unwanted programs and will neutralize it. Also, Norton will help you clean your system properly.
If you’re Mac user – use this.
Manual Mermaid Removal Guide
Here are step-by-step instructions to remove Mermaid from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to Mermaid. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.
Uninstall Mermaid from Windows or Mac
Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:
Mermaid.dll
_readme.txt
readme.txt
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Mermaid by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Mermaid by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Mermaid by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Mermaid by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and Hold Shift button, before system will be loaded;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to Mermaid by using Removal Tool;
- Delete found files;
How to restore encrypted files
You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.
Restore data with Stellar Data Recovery
Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program, that may help you to recover files – Recuva.
- Run the Recuva;
- Follow instructions and wait until scan process ends;
- Find needed files, mark them and Press Recover button;
How to prevent ransomware infection?
It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.