The MafiaWare Ransomware is a new HiddenTear based virus which is developed by a criminal programmer known as mafia and follows the standard infection pattern that is typical for the ransomware family. By reading this guide you will learn how to protect your computer and remove any MafiaWare ransomware infections on your computers.
MafiaWare Ransomware Description
MafiaWare ransomware is merely the newest HiddenTear strain which has been detected by the malware researchers. There is nothing that stands out in comparison to the other regular samples that are derived by the malicious open-source project. Most of the recent infection cases reveal that the infection process is triggered by a file called mafiaware.exe. However, in some cases, criminals may rename it in order to obfuscate the ransomware.
The threat is a crypto ransomware and primarily aims to encrypt target data with the help of strong encipher algorithm. Its encryption engine uses the AES cipher to encrypt target user files and then extorts the computer user for a ransom sum payment fee to restore access to their compromised data. When this is complete the affected files receive the .Locked-by-Mafia extension.
The ransomware note which is crafted by the virus is placed in a READ_ME.txt and contains standard ransomware instructions:
Your files has been encrypted by depsex
Pay $155 to my bitcoin address 1CS7x***
And send the proof to my email [email protected]
The criminal operator of the computer virus demands a ransom sum payment of 155 US Dollars in Bitcoins delivered to the following address: 1CS7xqkujGWQAMq1y54D68QwWKyCz266ZZ. Their contact email address is [email protected].
The captured sample has been identified to use the following malicious remote command & control server: https://www.stillblackhat.id/depokcybersec/dsc.php?info=.
The list of the target data include the most popularly accessed multimedia files (audio, photos, and videos), various documents, PDFs, databases, backup images and more.
Furthermore, MafiaWare crypto virus is likely to use the command vssadmin.exe delete shadows /all /Quie in order to delete all Windows Shadow Volume Copies and prevent victims from restoring the previous version of the corrupted files.
A new version of MafiaWare has been detected. It is called AngleWare ransomware and is a rewritten version of the threat.
MafiaWare Ransomware Distribution
MafiaWare Ransomware is distributed via the usual virus infection methods. Most computer hackers use botnets and hacked email accounts to distribute spam email messages that contain ransomware as attachment or link to infected binaries. In many of the cases, phishing strategies are used with social engineering tricks to make the targets infect themselves with the virus.
Other possible ways of getting infected with the MafiaWare Ransomware is to get infected via malicious ads, browser hijackers, and other means.
The MafiaWare virus can attack users in all countries. We have reasons to believe that the following states are at serious risk – the United States of America, Germany, Spain, the Philippines, India, France, Canada, and Italy.
More well-off users are likely to be targeted. People who use banking services and pay for premium content are more prone to open official official-looking spam emails. These letters may be typical for the user, and he or she wouldn’t suspect infection from PayPal or another well-respected entity.
How to Remove MafiaWare and Restore .Locked-By-Mafia Files
MafiaWare endangers the security of your PC as long as its malicious files and objects exist on it. In favor of your cyber and computer security, it is recommendable to avoid any negotiations with cyber criminals and proceed further with the removal process by yourself. Have in mind that MafiaWare presence on the system is extremely persistent and for the best results you may need to use the help of a professional anti-malware tool.
Even though there is a decryptor for the HiddenTear ransomware family, it may not work for .Locked-By-Mafia files. The good news is that you can try with alternative data recovery approaches. First, make a backup of all corrupted data and store it on an external drive. Then go to STEP VI of the removal guide below and choose your recovery way.
Summary of MafiaWare Ransomware
Name |
MafiaWare |
File Extensions |
.Locked-by-Mafia |
Ransom |
155 US Dollars in Bitcoins |
Easy Solution |
You can skip all steps and remove MafiaWare ransomware with the help of an anti-malware tool. |
Manual Solution |
MafiaWare ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
Distribution |
Spam Email Campaigns, malicious ads & etc. |
MafiaWare Ransomware Removal
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
-
1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
-
1) Open My Computer/This PC
2) Windows 7
-
– Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
-
– Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
-
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely MafiaWare Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
-
1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover MafiaWare Files
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
How To Restore MafiaWare Files
- 1) Use present backups
- 2) Use professional data recovery software
-
– Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
- 3) Using System Restore Point
-
– Hit WIN Key
– Select “Open System Restore” and follow the steps
- 4) Restore your personal files using File History
-
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter