What is Mimic Ransomware

Mimic is the name of a ransomware infection that encrypts access to data, appends the .QUIETPLACE extension, and eventually demands victims to pay ransom for the decryption. This virus is one of the variants among other file encryptors that were developed supposedly by the same cybercriminals. Other versions are known to assign extensions like .HONESTBITCOIN, .Fora, .PORTHUB, .KASPERSKY or extensions consisting of 5-10 random characters. During encryption, the malware will target all potentially important file types and make them no longer accessible by running strong algorithmic encryption. As mentioned, Mimic Ransomware also appends its own .QUIETPLACE extension, meaning a file like 1.pdf will likely change to 1.pdf.QUIETPLACE, and so forth. Following this, Mimic displayed two identical ransom notes – one before the log-in screen and second in a text file named Decrypt_me.txt.

All your files have been encrypted with Our virus.
Your unique ID: -
You can buy fully decryption of your files
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
To do this:
1) Send your unique id - and max 3 files for test decryption
1.1)TOX messenger (fast and anonimous)
Install qtox
press sing up
create your own name
Press plus
Put there my tox ID
And add me/write message
1.2)ICQ Messenger
ICQ live chat which works 24/7 - @mcdonaldsdebtzhlob
Install ICQ software on your PC here hxxps://icq.com/windows/ or on your smartphone search for "ICQ" in Appstore / Google market
Write to our ICQ @pedrolloanisimka hxxps://icq.im/mcdonaldsdebtzhlob
1.4)Mail (write only in critical situations bcs your email may not be delivered or get in spam)
* mcdonaldsdebtzhlob@onionmail.org
In subject line please write your decryption ID: -
2) After decryption, we will send you the decrypted files and a unique bitcoin wallet for payment.
3) After payment ransom for Bitcoin, we will send you a decryption program and instructions. If we can decrypt your files, we have no reason to deceive you after payment.
Can I get a discount?
No. The ransom amount is calculated based on the number of encrypted office files and discounts are not provided. All such messages will be automatically ignored. If you really only want some of the files, zip them and upload them somewhere. We will decode them for the price of 1 file = 1$.
What is Bitcoin?
read bitcoin.org
Where to buy bitcoins?
hxxps://www.alfa.cash/buy-crypto-with-credit-card (fastest way)
or use google.com to find information where to buy it
Where is the guarantee that I will receive my files back?
The very fact that we can decrypt your random files is a guarantee. It makes no sense for us to deceive you.
How quickly will I receive the key and decryption program after payment?
As a rule, during 15 min
How does the decryption program work?
It's simple. You need to run our software. The program will automatically decrypt all encrypted files on your HDD.

The note instructs victims to contact cybercriminals via one of the given channels (TOX Messenger, ICQ Messenger, or mcdonaldsdebtzhlob@onionmail.org e-mail address) and pay for decryption in Bitcoins. It is important to include the unique ID (generated in the note) in the subject line and also 3 encrypted files on a voluntary basis. Swindlers say they will decrypt them as test decryption and thereby prove that they are capable of running decryption. It is also said the price of decryption will be calculated individually depending on how many files have been encrypted. However, threat actors also say they can decrypt specific files for $1 per file. Mimic Ransomware is one of those file encryptors that uses strong algorithmic combinations and generates unique online keys for each victim. Unfortunately, this means that encrypted files are less likely to be decryptable without the help of initial developers. Furthermore, it also deletes all the shadow copies and disables other backup mechanisms within the system. Thus, the only way to recover your files is either to collaborate with extortionists and pay the ransom or restore data from external backup(s) that were not affected by the time of infection. The latter option is always better as some cybercriminals fool their victims and not send any promised decryption tools after the payment. Unless you are planning to pay the ransom, deleting ransomware is crucial to not let it encrypt other files at the time of manual recovery. It is also important to remove it after decrypting files with cybercriminals if you decide to. Follow our guide below to do so and get protection against such threats in the future. You will also see some reputable third-party decryption/recovery software presented in our guide, however, this recommendation is general and does not guarantee the tools will successfully decrypt files encrypted by Mimic Ransomware. You can also track this forum thread for updated information and plausible free decryption method in the future.

mimic ransomware

How Mimic Ransomware infected your computer

This and other ransomware infections can be distributed via weak/unprotected RDP configuration, phishing e-mail spam letters, trojans, deceptive third-party downloads, pirated/cracked downloads, fake software cracking tools, fake software updates/installers, backdoors, keyloggers, botnets, system exploits, and other channels as well. To prevent various infiltrations and drive-by (stealth) installations of malware, you should avoid downloading software from unofficial resources (Peer-to-Peer websites, torrent pages, landing pages, etc.) and beware of opening content that looks suspicious. For example, do not open attachments or links from unknown or potentially hacked senders (be it on social media or in a dubious e-mail message). Read our guide below and learn how one can protect his PC against threats like ransomware and other types of malware in the future.

  1. Download Mimic Ransomware Removal Tool
  2. Get decryption tool for .QUIETPLACE files
  3. Recover encrypted files with Stellar Data Recovery Professional
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like Mimic Ransomware

Download Removal Tool

Download Removal Tool

To remove Mimic Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of Mimic Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.

Alternative Removal Tool

Download Norton Antivirus

To remove Mimic Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Mimic Ransomware and prevents future infections by similar viruses.

Mimic Ransomware files:


Mimic Ransomware registry keys:

no information

How to decrypt and restore .QUIETPLACE files

Use automated decryptors

Download Kaspersky RakhniDecryptor

kaspersky dharma ransomware decryptor

Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .QUIETPLACE files. Download it here:

Download RakhniDecryptor

There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.

Dr.Web Rescue Pack

Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .QUIETPLACE files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you are infected with Mimic Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:

Use Stellar Data Recovery Professional to restore .QUIETPLACE files

stellar data recovery professional

  1. Download Stellar Data Recovery Professional.
  2. Click Recover Data button.
  3. Select type of files you want to restore and click Next button.
  4. Choose location where you would like to restore files from and click Scan button.
  5. Preview found files, choose ones you will restore and click Recover.
Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

  1. Right-click on infected file and choose Properties.
  2. Select Previous Versions tab.
  3. Choose particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. In case there is no items in the list choose alternative method.

Using Shadow Explorer:

  1. Download Shadow Explorer program.
  2. Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. In case there are no other dates in the list, choose alternative method.

If you are using Dropbox:

  1. Login to the DropBox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect computer from viruses, like Mimic Ransomware , in future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files

idrive backup

As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Mimic Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox

mailwasher pro

Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro
Previous articleHow to remove NEVADA Ransomware and decrypt .NEVADA files
Next articleHow to fix an unknown error occurred (1667) on iTunes