
Marozka Ransomware

Posted: April 3, 2019

The Marozka Ransomware is a file-locker whose authors used the HiddenTear project as an inspiration. Thankfully, this means that they also used HiddenTear’s encryption method, which has a major flaw that makes it possible to decrypt the files it locks free of charge. The situation with the Marozka Ransomware appears to be the same, and victims of this file-encryption Trojan should not contact the attackers for assistance, since they can rely on free decryption software to help them recover their files.

Usually, file-encryption Trojans based on HiddenTear are very bland, but the authors of the Marozka Ransomware have attempted to make their threat look a bit more sophisticated. When the Marozka Ransomware is initialized on a computer, it immediately starts to look for files that it can encrypt: documents, images, archives, songs, databases, etc. All files that the Marozka Ransomware locks are marked with the ‘.Marozka’ extension.

After the attack is complete, the Marozka Ransomware drops a ransom note in the file ‘HOW TO DECRYPT FILES.txt,’ which tells the victim that there are two ways to get their files back, both of which require a ransom payment: either messaging silena.berillo@gmail.com and hto2018@yandex.ru for further instructions, or visiting the Web page Proverka.host for automatic decryption. The ransomware may also change the default desktop wallpaper to an edited space image that contains instructions to open the file ‘HOW TO DECRYPT FILES.txt.’

The payment page listed in the ransom note states that victims must pay a ransom sum of $100 via a Bitcoin transaction if they wish to get their files back. However, the attackers do not provide any proof that their decryptor is real and working. Thankfully, their decryptor is not something you should worry about because, as we mentioned earlier, you should be able to recover your files with the free HiddenTear decryptor. Remember that before you attempt to recover any of your files, you should make sure to remove all of the Marozka Ransomware’s files by using a trustworthy anti-malware scanner.
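Before running a decryptor, it helps to know how far the damage reaches. The following read-only inventory is an added example, not part of the original article or of any decryptor: it walks a directory tree and lists files carrying the ‘.Marozka’ extension and copies of ‘HOW TO DECRYPT FILES.txt’. The function names and the sample file names are constructed for illustration, and the match assumes the extension is the final suffix of each locked file's name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".marozka"                 # extension named in the article, compared case-insensitively
NOTE_NAME = "how to decrypt files.txt"  # ransom note file name from the article


def inventory(root):
    """Walk root read-only; return (locked_files, ransom_notes, per_directory_counts)."""
    locked, notes, per_dir = [], [], Counter()
    # os.walk skips directories it cannot read, so a locked-down folder does not abort the scan.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered == NOTE_NAME:
                notes.append(path)
            elif lowered.endswith(LOCKED_EXT):
                locked.append(path)
                per_dir[Path(dirpath)] += 1
    return sorted(locked), sorted(notes), per_dir


def build_sample_tree(base):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    base = Path(base)
    (base / "Documents" / "tax").mkdir(parents=True)
    (base / "Pictures").mkdir()
    for rel in ("Documents/report.docx.Marozka", "Documents/tax/2018.xlsx.MAROZKA",
                "Pictures/cat.jpg.Marozka", "Pictures/dog.jpg",
                "Documents/HOW TO DECRYPT FILES.txt"):
        (base / rel).touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        locked, notes, per_dir = inventory(build_sample_tree(tmp))
        print(f"{len(locked)} locked file(s), {len(notes)} ransom note(s)")
        # Directories with the most locked files first, to prioritise recovery and backup checks.
        for directory, count in per_dir.most_common():
            print(f"{count:5d}  {directory}")
```

To scan a real system, call `inventory()` on the user profile or a mounted copy of the disk and keep the resulting list to confirm afterwards that every locked file was recovered.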
