MasterBuster Ransomware

The MasterBuster Ransomware is one of the many variants of HiddenTear that are being used to carry out attacks on computer users. HiddenTear was a ransomware project that was presented as an 'educational ransomware' infection. However, as should have been obvious, extortionists adapted the HiddenTear's code quickly and are creating a wide variety of ransomware Trojan variants to carry out attacks on the public easily. The MasterBuster Ransomware is one of these variants. The MasterBuster Ransomware is being distributed in a spam email campaign that uses corrupted Microsoft Office documents that exploit vulnerabilities in the macro feature in this application. If the MasterBuster Ransomware has been installed on your computer, PC security analysts advise against paying the ransom the con artists demand.

The Master that Busters Your Finances

The MasterBuster Ransomware seems to be targeted towards individual computer users rather than to corporate targets. Because of this, the MasterBuster Ransomware does not have some of the most sophisticated features often seen in modern ransomware Trojans, such as the ability to infect shared network drives or server databases. However, there is no question that the MasterBuster Ransomware's attack is quite effective in taking the victim's data hostage and demanding the payment of a ransom.

The MasterBuster Ransomware tends to target media files and documents used by individuals, such as text and spreadsheet documents. The files that have been affected by the MasterBuster Ransomware will have the extension '.hcked' added to their name, making it easy to note which files have been affected by the MasterBuster Ransomware attack. The MasterBuster Ransomware will deliver its ransom note in the form of a text file dropped on the victim's Desktop. This file is named 'READ_THIS_FILE_IMPORTANT.txt'. The full contents of the MasterBuster Ransomware ransom note are printed below:

'IMPORTANT!!!!
Apnar Computer er shokol gurottopurno file encrypt kora hoyeche.
KONO FILE TOUCH KORBEN NA!
Amra shokol file recover kore dibo.
Jebhabe apnar file recover korben: -
1) Ei link e jan:
- [link to a form hosted on Google Drive]
2) Form fill-up korun.
3) 24 hours er moddhe apnar email + mobile SMS a shokol dhoroner instructions chole jabe.
Thank you!
DarkWing020'

'IMPORTANT!!!!
The files on your computer were encrypted securely
DO NOT DELETE THE FILES!
We can recover your files using a decoder.
To obtain a decoder you must do the following steps:
1) open the link:
[link to a form hosted on Google Drive]
2) Fill up the form.
3) Wait 24 hours to confirm payment via email + SMS and follow the instructions sent to you
Thank you!
DarkWing020'

The form that is used to carry out the MasterBuster Ransomware ransom payment was created by using the Google Forms and is hosted on the Google Drive. The form, like the ransom note, is written in Bengali and contains the following information:

'Files Recovery Process - DarkWing020
If you are asked to fill up this form, if all the files on your computer have been locked by our software. Do not be afraid !! By filling out this form you can get your files back easily without any problem !! You can use English / Bangla or in Banglish (English letters written in Bengali) to fill out the form. You should deposit the total amount of fine and will be notified by email and phone.
* The amount of the fine is 3,500 Rupee.
* If you take longer than 10 days to pay the fine there will be an additional fine of 5,000 to 10,000 Rupee.'

Taking a Look at the MasterBuster Ransomware’s Ransom

The ransom amount demanded by the MasterBuster Ransomware is not particularly large – about $52 USD. However, this is quite a large amount of money in terms of the average salary in India, where most the MasterBuster Ransomware attacks are carried out. Computer users are advised to prevent monetary and productivity losses associated with the MasterBuster Ransomware and other ransomware Trojans by taking important preventive measures such as backing up all data and using a reliable security application that is fully up-to-date.

SpyHunter Detects & Remove MasterBuster Ransomware