Mnbzr Ransomware

By GoldSparrow in Ransomware

The authors of ransomware threats tend to borrow the code of already existing malware to create new file-lockers. This technique saves them time and allows even less experienced cybercriminals to develop and propagate data-encrypting Trojans. Among the latest identified ransomware threats is the Mnbzr Ransomware. This new data-locker belongs to the Dharma Ransomware family.

Propagation and Encryption

Data-encrypting Trojans like the Mnbzr Ransomware are usually spread via fraudulent emails that target users at random. A user who receives a phishing email of this type is urged either to click on a corrupted link or to download and open a macro-laced attachment. Cyber crooks may also opt for other popular tricks to propagate ransomware: bogus software updates, torrent trackers, cracked video games or applications, corrupted advertisements, fake social media posts, etc.

The Mnbzr Ransomware is designed to go after a wide variety of files: .pdf, .txt, .docx, .doc, .png, .jpeg, .jpg, .gif, .svg, .mp3, .aac, .midi, .mid, .wav, .webm, .mp4, .mov, .xlsx, .xls, .ppt, .pptx, .db, .zip, .rar, etc. If you are one of the ill-fated PC users whose system has been breached by the Mnbzr Ransomware, you will have all your files encrypted by this nasty threat. The Mnbzr Ransomware adds a new extension to the locked files' names: '.id-.[trfgklmbvzx@aol.com].mnbzr'. For example, if a file was named 'yogurt-cream.pdf', the Mnbzr Ransomware will rename it to 'yogurt-cream.pdf.id-.[trfgklmbvzx@aol.com].mnbzr'.

The Ransom Note

The Mnbzr Ransomware drops a ransom note called 'FILES ENCRYPTED.txt' on the breached host. The note contains a brief message from the threat's authors, who ask their victims to get in touch with them via email at 'trfgklmbvzx@aol.com'. Often, cybercriminals disclose their demands once the user contacts them. However, rest assured that these people will ask for a significant sum in exchange for a decryption product that is supposed to recover your data.
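The renaming pattern and the note name described above are enough to triage a host or file share for affected files. The Python sketch below is an added example, not code from the original article or from any vendor tool. Its function names are hypothetical, its sample file tree is constructed, and accepting an optional token after 'id-' is an assumption, since the article prints that position empty.

```python
import os
import re
import tempfile

# Values taken from the article: contact address, final extension, note name.
CONTACT = "trfgklmbvzx@aol.com"
NOTE_NAME = "FILES ENCRYPTED.txt"
# Assumption: the article prints the marker as ".id-." with nothing after
# "id-"; the pattern tolerates an optional token there instead of guessing one.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.id-[^.\[\]]*\.\[" + re.escape(CONTACT) + r"\]\.mnbzr$",
    re.IGNORECASE,
)


def original_name(filename):
    """Return the pre-encryption name if filename carries the suffix, else None."""
    match = SUFFIX_RE.match(filename)
    return match.group("original") if match else None


def triage(root):
    """Walk root and collect renamed files (with original names) and ransom notes."""
    report = {"renamed": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif original_name(name) is not None:
                report["renamed"].append((path, original_name(name)))
    return report


def demo():
    """Build a constructed directory tree, triage it, return a portable summary."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        constructed = [
            "docs/yogurt-cream.pdf.id-.[trfgklmbvzx@aol.com].mnbzr",
            "docs/untouched.txt",
            "docs/notes.mnbzr.txt",  # contains the string but not the full suffix
            "FILES ENCRYPTED.txt",
        ]
        for rel in constructed:
            open(os.path.join(root, *rel.split("/")), "w").close()
        report = triage(root)
        renamed = sorted((os.path.relpath(p, root).replace(os.sep, "/"), o) for p, o in report["renamed"])
        return renamed, len(report["notes"])
```

Calling `triage()` on a mounted backup or share gives the list of affected paths together with the names to restore them under once clean copies are available.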

You should not contact or pay cybercriminals as there is no guarantee that you will receive the decryptor that you need to unlock your files. It is best to install a legitimate, up-to-date anti-malware solution that will remove the Trojan from your machine and make sure you do not fall victim to a similar scheme in the future.
