MauriGo Ransomware Description
The MauriGo Ransomware is an encryption ransomware Trojan that began to be observed in April 2018. It may be a variant of a ransomware Trojan of the same name released one year earlier, in 2017. The MauriGo Ransomware carries out a typical encryption ransomware attack: it takes the victim's files hostage and then displays its ransom note, which demands payment of a ransom to restore access to those files. The MauriGo Ransomware uses AES encryption to make the victim's files inaccessible, which may pressure victims into paying for the decryption key, the only tool that can restore the affected files.
How Threats Like the MauriGo Ransomware Carry out Their Attacks
Threats like the MauriGo Ransomware are becoming more and more common, and very little differentiates the MauriGo Ransomware from the many other encryption ransomware Trojans used today to attack computer users. The main targets of the MauriGo Ransomware and similar threats are user-generated files, which may include files with the following extensions:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
Variants of the MauriGo Ransomware mark the files they encrypt by changing the files' extensions, in some cases adding the file extension '.encrypted' to the existing file names. The MauriGo Ransomware delivers its ransom note as a text file dropped on the victim's computer. The variant of the MauriGo Ransomware most recently observed by PC security researchers displays a ransom note containing the following text:
'The important files on your computer have been encrypted with military grade AES-256 bit encryption.
Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key.
This key is currently being stored on a remote server.
To acquire this key, please follow the instructions below before the time runs out. ([RANDOM DATE] - you have 7 days)
Prices to recover yoor files from :
1 machine on your network : 0.7 BTC
Half machines on your network (randomly chosen): 2.6 BTC
All machines on your network : 5 BTC
The BTC must be sent to this address : 19CMTC6U9KMHAn34iKXvofkA2ulNMcd823
Your hostname : [YOUR DEVICE NAME]
Your identification number (it is the same for all PC encrypted on your network): ***
After you've send payment to our address, please go to our website (via normal browser):
If it doesn't work please download Tor Browser on their official page and use this link instead: xxxx://ldqu4hxg2gx6af7j[.]onion/id/***
Once on the website, leave a simple comment to warn us.
After that we will reply with your decryption key(s) as soon as possible.
To demonstrate our sincerity, you can upload 2 encrypted file on the website and we will decrypt it.
Also please understand that we don't want to taint the reliability of your business. Make a reasonable choice.
Note that if you fail to take action within this time window (7 days), the decryption key will be destroyed and access to your files will be
Where to buy bitcoins (BTC) ?
Bitcoin is a popular crypto-currency. We advise you to buy coins on https://localbitcoins.com/ because of its speed and anonymity.
You will can pay with Western Union. Wire Transfer...
Of course there are much other ways to get bitcoins (ex: Coinbase), simply type on google "how to buy bitcoins".'
Dealing with Threats Like the MauriGo Ransomware
The best way to deal with threats like the MauriGo Ransomware is to keep backup copies of all your files stored in a place you can trust. Computer users should also take steps to protect their data with the help of a security program.
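The '.encrypted' marking described above gives defenders a simple behavioral signal to watch for. The following is an added example, not code from this article or from any security product: it scans file-rename events and flags a host when many files with targeted extensions gain the '.encrypted' suffix within a short time. The event format, host names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Subset of the targeted extensions listed in this article.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".sql", ".zip", ".txt"}
MARKER = ".encrypted"  # extension the article says some variants append

def is_marked_rename(old, new):
    """True when `new` is `old` plus MARKER in the same folder and `old`
    had one of the targeted extensions (case-insensitive, Windows paths)."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    return (new_p.name.lower() == old_p.name.lower() + MARKER
            and new_p.parent == old_p.parent
            and old_p.suffix.lower() in TARGETED)

def flag_hosts(events, window=60, threshold=5):
    """Return {host: time_of_first_alert} for hosts with at least `threshold`
    marked renames inside any `window`-second span.
    Each event is (epoch_seconds, host, old_path, new_path); this layout is
    an assumption, adapt it to whatever your file-audit source emits."""
    recent = defaultdict(deque)  # host -> timestamps of recent marked renames
    alerts = {}
    for ts, host, old, new in sorted(events):
        if not is_marked_rename(old, new):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

# Constructed sample events (hypothetical hosts and paths).
SAMPLE = (
    # ws-07: six documents renamed two seconds apart -> should alert
    [(1000 + 2 * i, "ws-07", rf"C:\Users\a\Docs\report{i}.docx",
      rf"C:\Users\a\Docs\report{i}.docx.encrypted") for i in range(6)]
    # ws-02: a single marked rename and an unrelated backup rename -> no alert
    + [(1000, "ws-02", r"C:\tmp\notes.txt", r"C:\tmp\notes.txt.encrypted"),
       (1005, "ws-02", r"C:\tmp\a.log", r"C:\tmp\a.log.bak")]
    # ws-09: marked renames five minutes apart -> below the rate threshold
    + [(2000 + 300 * i, "ws-09", rf"C:\share\img{i}.jpg",
        rf"C:\share\img{i}.jpg.encrypted") for i in range(6)]
)

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

Because the article notes that only some variants use '.encrypted', a check like this complements backups and security software rather than replacing them.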