Mrvk3 Ransomware

The goal of the Mrvk3 Ransomware threat is to enter the victim's devices stealthily and then initiate an encryption process with a strong cryptographic algorithm. All affected files will no longer be accessible and the victims will lose any important data that was contained inside documents, PDFs, archives, databases, audio, video and other file types. The attackers will then try to extort money from the affected users or organizations.

During the encryption, all locked files will have their original names modified. The threat will first append a string of characters representing the unique ID assigned to the victim and then follow it with '.mrvk3' as a new file extension. The instructions for the victims will be placed on the breached system's desktop in a text file named 'FVUV_HOW_TO_DECRYPT.txt.'

Mrvk3 Ransomware's Demands

According to the note, apart from locking the user's files, the Mrvk3 Ransomware also has managed to collect information and upload it to a server controlled by the attackers. Victims are then threatened that if they do not pay the demanded ransom, their private data will be published to the public on a dedicated leak site.

To establish contact with the cybercriminals and receive further instructions about the payment, users affected by the Mrvk3 Ransomware are told to visit a specific website hosted on the TOR network. Both sites cannot be reached normally and users will need to download the Tor Web browser.

The last section of the ransom note contains numerous warnings. Victims are told to avoid modifying the already encrypted files, as doing so could render them unrecoverable. The hackers also warn against contacting the FBI or hiring a data recovery company because without the necessary decryption key they will not be able to unlock the files.