
MADA Ransomware

By GoldSparrow in Ransomware

The MADA Ransomware is an encryption ransomware Trojan that seems to be related to Jigsaw, a well-known ransomware Trojan with multiple variants. The MADA Ransomware was first observed carrying out attacks on January 27, 2018, and seems to be delivered to victims through corrupted spam email attachments. It is distributed using social engineering techniques designed to trick inexperienced computer users into believing that an email message comes from a legitimate source. These email messages include a file attachment in the form of a Microsoft Office document, often with embedded macros that download and install the MADA Ransomware as soon as the compromised file is opened.

The Hindu Monster Of Drunkenness that will Attack Your Files

The MADA Ransomware is identical to the various other Jigsaw variants that are currently active. The MADA Ransomware will encrypt the user-generated files on the victim's computer, including photos, music, videos, and numerous other document types. Some of the file types that may be compromised by attacks like the MADA Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The MADA Ransomware seems to be based on an open source ransomware platform and uses Command and Control servers that are hosted on compromised networks and servers around the world, making it difficult to track down and stop. Once the MADA Ransomware has encrypted the targeted files, they are easy to recognize because the MADA Ransomware adds the file extension '.LOCKED_BY_pablukl0cker' to the end of each affected file's name.
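
The '.LOCKED_BY_pablukl0cker' extension described above can be used to inventory affected files during triage. The script below is an added example, not code from the article's author or from the malware: it counts marked files by their original file type and reports the earliest modification time, which helps pick a backup taken before encryption began. The function names and command-line usage are assumptions of this example, as is the premise that a file's modification time reflects when it was encrypted.

```python
import os
from collections import Counter
from datetime import datetime, timezone

# Extension the article says MADA appends to each encrypted file.
MARKER = ".LOCKED_BY_pablukl0cker"

def triage(root):
    """Walk `root` and summarise files carrying the MADA marker extension."""
    hits = []                 # (encrypted path, original file name)
    by_ext = Counter()        # original extension -> count
    first = last = None       # earliest / latest modification time seen
    # onerror swallows unreadable directories so one ACL does not stop the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if not name.lower().endswith(MARKER.lower()):
                continue
            original = name[:-len(MARKER)]
            path = os.path.join(dirpath, name)
            try:
                # Assumption: mtime approximates the time of encryption.
                mtime = os.stat(path).st_mtime
            except OSError:
                continue      # file vanished (the note says files are deleted hourly)
            hits.append((path, original))
            by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
    return {"hits": hits, "by_ext": by_ext, "first": first, "last": last}

def report(summary):
    """Render the summary as text; `first` bounds the newest clean backup."""
    lines = [f"{len(summary['hits'])} encrypted file(s) found"]
    for ext, n in summary["by_ext"].most_common():
        lines.append(f"  {ext:<8} {n}")
    if summary["first"] is not None:
        ts = datetime.fromtimestamp(summary["first"], timezone.utc)
        lines.append(f"earliest encrypted file written: {ts:%Y-%m-%d %H:%M:%S} UTC")
    return "\n".join(lines)

if __name__ == "__main__":
    import sys
    print(report(triage(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted copy of the affected volume rather than the live system, since the ransom note states that files are deleted while the malware is running.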

The MADA Ransomware's Ransom Demands

After the MADA Ransomware encrypts the victim's files, the MADA Ransomware will deliver a ransom note. The MADA Ransomware displays its ransom note in the form of a program window with the title 'MADA Ransomware.' The MADA Ransomware's ransom note contains the following text message:

Your documents, photos, videos etc .
And after 72 hours, all your files will be removed premanently !!!
But there is nothing to worry about 🙂 it will only happen when you fly in a fuck
Every hour I delete one randomly selected file and delete it premanently!!!
I can not recover such a file anymore, even after making the payment!!!
You will lose only a few files for the first 24 hours.
but the next day a few hundred, the third day, a few thousand, etc ...
If you turn off your computer or try to shut me down, I will fire again.
I automatically remove 1000 files permanently for trying to recommend me in a fuck!!!
Remember that even the best anti-virus is unable to recover encrypted files!
If you have any questions, please contact us via e-mail!!!
Payment for decrypting files is only possible in BITCOIN!!!
If you do not know how to buy bitcoins, visit www[.]4coin[.]pl!!!'

Educated computer users will know that it is better to ignore the text in the MADA Ransomware's ransom note. Unfortunately, once the MADA Ransomware finishes its misdeeds, the files it targets are not recoverable without the decryption key. However, the people responsible for the MADA Ransomware cannot be trusted to provide it, even if the ransom is paid. The best protection against the MADA Ransomware and other encryption ransomware Trojans is to have file backups, along with a security suite that is fully up-to-date.
