Mbed Ransomware

Ransomware threats are one of the most popular malware types in recent years. They are simple to build (provided that one uses a ransomware building kit) and easy to distribute threats that are capable of causing great damage to their targets. Among the newest spotted threats of this class is the Mbed Ransomware. When researchers uncovered and dissected this Trojan, they found that it is a variant of the infamous STOP Ransomware family. Without a doubt, the STOP Ransomware family has been the most active ransomware family throughout 2019, claiming numerous victims.

Propagation and Encryption

The authors of the Mbed Ransomware are likely using mass spam emails to propagate their creation. The emails would contain a fake message that utilizes various social engineering tricks to try to convince the user to open the attached file. The attachment, however, is macro-laced and would execute a corrupted code of the threat once it is launched. There are other common techniques for distributing ransomware threats too. Some cyber crooks opt to use fake application updates, torrent trackers, or bogus pirated copies of legitimate software utilities. The Mbed Ransomware will scan the data on the user’s system to locate the files that will be targeted for encryption. Then, the Mbed Ransomware will trigger its encryption process and make sure to lock all the targeted data. When the Mbed Ransomware locks a file, it also alters its name by appending an additional extension – ‘.mbed.’ For example, a file that was called ‘gray-cat.jpeg’ previous to the attack, will be renamed to ‘gray-cat.jpeg.mbed’ after the encryption process is through.

The Ransom Note

Then, the Mbed Ransomware will drop a ransom note called ‘_readme.txt.’ In the note, the attackers state that the ransom fee is $980, but all victims who contact them within 72 hours will obtain a 50% discount and will have to pay $490 instead of the full fee. The creators of the Mbed Ransomware offer to unlock one file for free so that the users are convinced that they have a working decryption key. There are two email addresses that the attackers provide –‘ salesrestoresoftware@firemail.cc’ and ‘salesrestoresoftware@gmail.com.’

Stay away from the creators of the Mbed Ransomware. Nothing good comes out of cooperating with cyber crooks. Even if they have promised to provide you with the decryption key you need, it is highly likely that they will not bother, as soon as they get their hands on your cash. This is why you should look into downloading and installing a reputable anti-spyware tool instead. Not only will the security tool keep your computer safe in the future, but you also can use it to remove the Mbed Ransomware from your system safely.