Avast Decryption Tool for MafiaWare666 1.0.0.537

Published by

Avast Decryption Tool for Mafiaware666 decrypts some variants of the MafiaWare666 ransomware strain.
The MafiaWare666 ransomware strain is written in C#; there aren't any obfuscation or anti-analysis techniques. MafiaWare666 encrypts files using AES encryption. Avast researchers found a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. It is likely that new or unknown samples may encrypt files differently, making them decryptable without further analysis.



MafiaWare666 searches specific folder locations (Desktop, Music, Videos, Pictures, and Documents) and encrypts numerous file extensions like 7z, Bat, DivX, HTML, JPEG, JPG, MP3, MP4, ZIP, and everything in between for the most part. Files held hostage are appended with one or all of the following: .MafiaWare666, .jcrypt, .brutusptCrypt, .bmcrypt, .cyberone, or .l33ch.

The MafiaWare666 ransomware displays a window with instructions detailing how to pay the ransom. The attacker requests payment in Bitcoin.

Similar:
Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus
How to Tell the Difference Between a Virus and a False Positive
How to Manage Windows Defender Antivirus Found Threats
What to Do When Your Norton or McAfee Antivirus Expire


  Download