MADA Ransomware

What is MADA Ransomware?

If you have just been presented with a pop-up warning saying that your files are encrypted by the MADA ransomware,  that means that you are dealing with another version of the Jigsaw ransomware. The Jigsaw ransomware is notorious for its capability to delete files at  regular intervals, and the same action is performer by its spin-offs. The MADA ransomware should removed immediately after being detected, and preventative measures should be taken to prevent future ransomware and malware attacks.

How does the MADA ransomware work?

Once on the computer, the MADA ransomware encrypts various files and adds the extension .LOCKED_BY_pablukl0cker, without changing the original name of the file affected. The infection also creates its copy named msconfig.exe in the %APPDATA% directory. Additionally, the MADA threat creates its point of execution (POE) in the Windows Registry, enabling itself to start running once the system starts up. As a result, the threatening user interface containing the ransom warning is displayed every time the user reboots or turns on the computer.

The MADA ransomware, as well as its counterparts, seeks to encourage victims to pay for data decryption by claiming that one file will be deleted every hour within the first 24 hours. After 24 hours, the number of files to be deleted is increased. The files removed by the MADA threat cannot be restored, so the victim is motivated to act immediately in order not to risk personal data. Interestingly, the attackers behind the MADA ransomware have chosen the ransom sum of $100 in Bitcoin, which is a quite affordable sum compared with the sums requested by infections that do not inflict significant damage or only pretend to be damaging.

It is important that you do not wait but act immediately to remove the MADA ransomware. Paying up is not advisable because there is no guarantee that the attackers will bother to provide you with a decryption key or a decryption tool. The attackers also provide their email address,, which is given so that you can contact them for more information. Even if you do so, do not expect the information received to be reliable.

How to avoid ransomware?

Ransomware infections are created to obtain PC users' money. Cyber criminals are not interested in assisting their victims in restoring encrypted files, so, after removing the MADA ransomware, you should make sure that a similar incident will not take place in the future. Ransomware has become one of the biggest threats in the digital world, so it is worth considering what PC using and Internet browsing habits could be changed. For example, it is advisable to ignore questionable emails, especially when they ask you to download the file attached or click the link provided. Ransomware is also known to spread via RDP, so, if you use this service, you should be sure that your password is strong enough.  Without a doubt, a reputable anti-malware should also be running on the computer, because such a tool would fight off multiple threats, which differ in complexity and purpose.

How to remove the MADA ransomware?

When it comes to the removal of the MADA ransomware, you have two options. You can try removing the MADA ransomware manually with the help of our removal instructions provided below. This removal method does not guarantee that similar incidents will not occur, because every computer without a security tool can get infected at any time. Implementing an anti-malware program that removes infections running on the computer and fights off incoming threats is entirely practical. There are millions of threats circulating on the Internet, and you cannot know when you will be attacked and what consequences will follow.

If you have any questions concerning the removal guide or the removal tool available below, our team is ready to help you; just leave your inquiry below in the comment box.

Remove the MADA ransomware

  1. Delete recently downloaded files from the desktop, Downloads folder, or any other directory to which you save your downloaded files.
  2. Press Win+R and type in %APPDATA%.
  3. Access the GoogleChromeUpdata folder and delete the malicious file msconfig.exe.
  4. Press W+R and type in regedit.
  5. Follow the path HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the malicious registry value. 100% FREE spyware scan and
    tested removal of MADA Ransomware*
MADA Ransomware
MADA Ransomware
MADA Ransomware

Leave a Comment

Enter the numbers in the box to the right *