Mr403Forbidden Ransomware

By GoldSparrow in Ransomware

The Mr403Forbidden Ransomware is an encryption ransomware Trojan that was first observed in the wild on July 19, 2017. The Mr403Forbidden Ransomware has appeared before in other variants, such as the Haters Ransomware, the Stupid Ransomware and the FTSCoder Ransomware. The Mr403Forbidden Ransomware receives its name because, while analyzing its code, malware researchers found the string 'Encrypting By ./Mr403Forbidden.' PC security analysts have not found other threats or encryption ransomware Trojans developed by anyone else with this alias, and this may be the first ransomware variant developed by this particular individual or team.

The New Meaning of the Word 'Forbidden'

The Mr403Forbidden Ransomware is designed to infect computers running the Windows operating system. The most common way in which the Mr403Forbidden Ransomware is delivered to a computer is as a corrupted Microsoft Word file attached to a spam email message. These corrupted files use macros and scripts to download and install the Mr403Forbidden Ransomware onto the victim's computer. Currently, most of the Mr403Forbidden Ransomware attacks are taking place in Indonesia and related locations.

When the Mr403Forbidden Ransomware enters a computer, it will perform a scan of all of the infected PC's drives, including removable memory devices connected to the infected PC and network shared directories. The Mr403Forbidden Ransomware will communicate with its Command and Control server and send information about the infected computer, as well as receiving data necessary to carry out the Mr403Forbidden Ransomware infection (such as the decryption data). The Mr403Forbidden Ransomware carries out its attack by encrypting all types of files on the infected computer, including media files and a wide variety of document types generated by the computer user. The Mr403Forbidden Ransomware will mark the infected files by changing their file extensions, adding the string '.alosia' to the end of each infected file's name.
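For incident scoping, the '.alosia' marker described above can be used to measure how far the encryption reached across local drives, removable media and shares. The following is an added example, not code from the original article or from the malware; the function names are hypothetical, and it assumes that a marked file's modification time approximates when it was encrypted.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER_EXT = ".alosia"  # extension the article says is appended to encrypted files


def original_name(name):
    """Return the file name without the appended marker, or None if unmarked."""
    if name.lower().endswith(MARKER_EXT):
        return name[: -len(MARKER_EXT)]
    return None


def triage(root):
    """Walk root and summarise files that carry the marker extension."""
    hits, by_dir, by_type = [], Counter(), Counter()
    # Unreadable directories are skipped so one locked folder does not stop the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or access denied
            hits.append((mtime, path))
            by_dir[dirpath] += 1
            # The extension left after stripping the marker shows which data types were hit.
            by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
    hits.sort()
    return {"count": len(hits),
            "first_seen": hits[0] if hits else None,   # assumed start of encryption
            "last_seen": hits[-1] if hits else None,   # assumed end of encryption
            "by_dir": by_dir, "by_type": by_type}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("marked files:", report["count"])
    for label in ("first_seen", "last_seen"):
        if report[label]:
            ts, path = report[label]
            print(label, datetime.fromtimestamp(ts, timezone.utc).isoformat(), path)
    for directory, n in report["by_dir"].most_common(10):
        print(f"{n:6d}  {directory}")
    print("original types:", dict(report["by_type"]))
```

Run it against each mounted drive or share path in turn; the first and last timestamps bound the window to compare against mail and endpoint logs, and the per-directory counts show which backups need restoring.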

The Mr403Forbidden Ransomware’s Ransom Demand

The Mr403Forbidden Ransomware will display a ransom note after encrypting the victim's files. This ransom note appears in a program window with the title 'File Anda Terkunci!!!,' Indonesian for 'Your Files are Locked!!!.' While one would expect the ransom note associated with the Mr403Forbidden Ransomware to be written in Indonesian, it is written in English. Below is the full text of the Mr403Forbidden Ransomware English ransom demand:

'Your Computer files is encrypted
all files with extremely
powerfull new ./Mr403Forbidden encryption
that no one can break except you have
a private string and IVs
To decrypt all file please pay us a money contact me : or
insert your code here:
[TEXT BOX] Decrypt!'

The amount demanded by these threat infections varies widely. While most ransomware Trojans demand an amount somewhere between $500 and $1500 in Bitcoin, Trojans based in Indonesia like this one have a tendency to ask for ransoms that are significantly lower. However, PC security analysts still advise computer users to refrain from paying the Mr403Forbidden Ransomware ransom.

Dealing with the Mr403Forbidden Ransomware and Protecting Your PC

If the Mr403Forbidden Ransomware has infected your computer, it may be tempting to pay the ransom amount. However, security experts strongly advise computer users to refrain from doing this. Paying the Mr403Forbidden Ransomware ransom simply allows con artists to continue developing these threats, claiming new victims. Furthermore, there is no guarantee that the con artists will respond by helping you recover your files. In fact, they may ask for more money, ignore you, or target your computer for additional infection. Unfortunately, since the encryption used in attacks like the Mr403Forbidden Ransomware is very strong, the best option for dealing with ransomware Trojans is to take preventive measures. PC security analysts advise computer users to ensure that their data is backed up properly. Apart from file backups, which are the best protection against the Mr403Forbidden Ransomware, a reliable security program also is mandatory.
