Mbed Ransomware Description
Ransomware has been one of the most popular malware types in recent years. Such threats are simple to build (provided that one uses a ransomware building kit), easy to distribute, and capable of causing great damage to their targets. Among the newest spotted threats of this class is the Mbed Ransomware. When researchers uncovered and dissected this Trojan, they found that it is a variant of the infamous STOP Ransomware family. Without a doubt, the STOP Ransomware family has been the most active ransomware family throughout 2019, claiming numerous victims.
Propagation and Encryption
The authors of the Mbed Ransomware are likely using mass spam emails to propagate their creation. The emails would contain a fake message that uses various social engineering tricks to try to convince the user to open the attached file. The attachment, however, is macro-laced and would execute the threat's malicious code once it is opened. There are other common techniques for distributing ransomware threats too. Some cyber crooks opt to use fake application updates, torrent trackers, or bogus pirated copies of legitimate software utilities.
The Mbed Ransomware will scan the data on the user’s system to locate the files that will be targeted for encryption. Then, the Mbed Ransomware will trigger its encryption process and make sure to lock all the targeted data. When the Mbed Ransomware locks a file, it also alters its name by appending an additional extension: ‘.mbed.’ For example, a file that was called ‘gray-cat.jpeg’ before the attack will be renamed to ‘gray-cat.jpeg.mbed’ after the encryption process is through.
The Ransom Note
Then, the Mbed Ransomware will drop a ransom note called ‘_readme.txt.’ In the note, the attackers state that the ransom fee is $980, but all victims who contact them within 72 hours will obtain a 50% discount and will have to pay $490 instead of the full fee. The creators of the Mbed Ransomware offer to unlock one file for free so that the users are convinced that they have a working decryption key. There are two email addresses that the attackers provide: ‘firstname.lastname@example.org’ and ‘email@example.com.’
Stay away from the creators of the Mbed Ransomware. Nothing good comes out of cooperating with cyber crooks. Even if they have promised to provide you with the decryption key you need, it is highly likely that they will not bother once they get their hands on your cash. This is why you should look into downloading and installing a reputable anti-spyware tool instead. Not only will the security tool keep your computer safe in the future, but you can also use it to remove the Mbed Ransomware from your system safely.
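When scoping an infection, the two file-system indicators described above (the appended ‘.mbed’ extension and the ‘_readme.txt’ note) can be inventoried with a short script. The following is an added example, not code from the original article; the function name `triage` and the report fields are hypothetical.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".mbed"   # extension the article says is appended to locked files
RANSOM_NOTE = "_readme.txt"  # ransom note file name given in the article


def triage(root):
    """Walk `root` and summarise Mbed indicators for incident-response scoping."""
    encrypted, notes, mtimes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            # Require a non-empty original name in front of the suffix.
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
                try:
                    mtimes.append(path.stat().st_mtime)
                except OSError:
                    pass  # unreadable entry: still counted, just no timestamp
            elif lower == RANSOM_NOTE:
                notes.append(path)
    return {
        "encrypted": encrypted,
        # Original file types hit, to size the restore from backup.
        "by_type": Counter(Path(orig).suffix.lower() for _, orig in encrypted),
        "notes": notes,
        # Assumption: the oldest mtime on a locked file approximates when
        # encryption started; treat it as a lead, not proof.
        "first_seen": min(mtimes) if mtimes else None,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"locked files : {len(report['encrypted'])}")
    print(f"ransom notes : {len(report['notes'])}")
    for ext, count in report["by_type"].most_common():
        print(f"  {ext or '(none)'}: {count}")
    if report["first_seen"] is not None:
        ts = datetime.fromtimestamp(report["first_seen"], tz=timezone.utc)
        print(f"earliest locked-file mtime (UTC): {ts.isoformat()}")
```

A file named ‘_readme.txt’ can also be legitimate, so a note without locked files beside it is only a weak indicator.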