Mahasaraswati Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 21
First Seen: May 27, 2016
Last Seen: May 8, 2023
OS(es) Affected: Windows

The Mahasaraswati Ransomware is a ransomware infection from India that encrypts its victim's files and demands the payment of a ransom. It is part of the CryptoEncoder family of threats and is distinguished by the image of the Hindu goddess Saraswati displayed in its ransom note. After encrypting the victim's files, the Mahasaraswati Ransomware renames them, appending a hexadecimal identification code, the email address Mahasaraswati@india.com and the XTBL extension. To decrypt the affected files, the victim is instructed to send an email to this address.

How the Mahasaraswati Ransomware Attacks a Computer

The Mahasaraswati Ransomware is delivered in an executable file, saraswati.exe, which may be distributed using common threat delivery methods. It changes the affected computer's settings so that it runs automatically as soon as Windows starts, deletes System Restore points and Shadow Volume Copies of encrypted files, and encrypts the victim's files. The Mahasaraswati Ransomware drops HTML, TXT, and JPG files containing instructions. The files, named 'How to decrypt your files.txt', contain a large image of the Hindu goddess and the following text:

To decrypt your data write me to the Mahasaraswati@india.com

PC security analysts communicated with the email address in the note above, and received the following response:

Good morning, dear friend!
We are writing to inform you that our team of network security specialists has analyzed your system and has identified vulnerabilities in the protection.
We kindly draw your attention that defensive operation on your computer is not running properly and now the whole database is at risk.
All your files are encrypted and can not be accepted back without our professional help.
Obviously vulnerability analysis, troubleshooting, decoding the information and then ensuring safety are not a simple matter.
And so our high-grade and quick service is not free.
Please note that today the price of your files recovery is 3 Bitcoins, but next day it will cost 5 Bitcoins.
You should buy bitcoins here https://localbitcoins.com/faq
Read the paragraphs:
1. How to buy Bitcoins?
2. How do I send Bitcoins and how can I pay with Bitcoins after buying them?
The Bitcoin wallet for payment is 1DGMeKSALSkYGkedYDUgcvV8mP77WEGusQ
After the transfer of bitcoins please send email with screenshot of the payment page.
We does not advise you to lose time, because the price will encrese with each passing day.
As proof of our desire and readiness to help you, we can decipher a few of your files for test.
To check this you can upload any encrypted file on Web site dropmefiles.com, size no more than 10 MB (only text file or a photo) and send us a download link.
Certainly after payment we guarantee prompt solution of the problem, decrypt the database to return to its former condition and consultation how to secure the rules of the system safety.
Kind regards, Saraswati.

The message above is written to prey on inexperienced computer users, making it seem as if the con artists responsible for the Mahasaraswati Ransomware are providing a useful service. Unfortunately, the Mahasaraswati Ransomware attack demands a very high ransom amount.

Counteracting the Mahasaraswati Ransomware Infection

It may not be possible to decrypt the files encrypted by the Mahasaraswati Ransomware. Therefore, a backup copy of these files will be needed to restore them. PC security analysts strongly advise computer users to disconnect any computer infected with the Mahasaraswati Ransomware from the network at once. The effects of ransomware Trojans like the Mahasaraswati Ransomware can be devastating when they spread within a network. The best way to deal with the Mahasaraswati Ransomware and similar attacks is prevention. A reliable security product can stop the Mahasaraswati Ransomware and similar attacks before they manage to enter your computer and encrypt your files.
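
The renaming scheme and ransom note file name described above let a responder scope what has to be restored from backup. The following Python example is added here and is not part of the original article; the separator layout of the renamed files, the optional "id-" prefix and the .html/.jpg note names are assumptions (the article lists only the appended parts), and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout: <original name>.<hex id>.<email>.xtbl, optional "id-" prefix.
RENAMED = re.compile(
    r"^(?P<original>.+?)\.(?:id-)?(?P<victim_id>[0-9A-F]{6,16})"
    r"\.(?P<contact>[^\s@]+@[^\s@]+?)\.xtbl$",
    re.IGNORECASE,
)
NOTE_STEM = "how to decrypt your files"   # note name given in the article
NOTE_EXTS = {".txt", ".html", ".jpg"}     # .html/.jpg names are assumed

def triage(paths, contact="Mahasaraswati@india.com"):
    """Sort a Windows file listing into encrypted files, notes and lookalikes."""
    encrypted, notes, other_contact, per_dir = [], [], [], Counter()
    for raw in paths:
        p = PureWindowsPath(raw)          # parses Windows paths on any OS
        m = RENAMED.match(p.name)
        if m and m["contact"].lower() == contact.lower():
            encrypted.append({"path": raw, "original": m["original"],
                              "victim_id": m["victim_id"].upper()})
            per_dir[str(p.parent)] += 1
        elif m:                           # same naming scheme, different address
            other_contact.append(raw)
        elif p.stem.lower() == NOTE_STEM and p.suffix.lower() in NOTE_EXTS:
            notes.append(raw)
    return {"encrypted": encrypted, "notes": notes,
            "other_contact": other_contact,
            "victim_ids": sorted({e["victim_id"] for e in encrypted}),
            "dirs": per_dir.most_common()}   # most affected folders first

# Constructed sample listing (e.g. exported from the isolated machine).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-5A3F9C1E.Mahasaraswati@india.com.xtbl",
    r"C:\Users\alice\Documents\notes.txt.5A3F9C1E.mahasaraswati@india.com.XTBL",
    r"C:\Users\alice\Documents\How to decrypt your files.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"D:\share\plan.docx.id-5A3F9C1E.someone@example.com.xtbl",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for entry in result["encrypted"]:
        print(entry["victim_id"], entry["original"], "<-", entry["path"])
    print("notes:", result["notes"])
    print("folders to restore:", result["dirs"])
```

The recovered original names and the per-folder counts can be compared against the backup catalogue to confirm that every affected file has a restorable copy.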