MafiaWare Ransomware

What is MafiaWare Ransomware?

Although from its name it might seem that MafiaWare Ransomware has something to do with notorious mafia clans, this ransomware infection was actually created by despicable hackers who want to make easy money. They will try to bully you into spending $155 USD on a decryption key that may not even work, and quite a few innocent users may fall for this scam. However, you should not pay a single cent to these criminals. Remove MafiaWare Ransomware from your system, and then look for ways to restore your files. Please remember that doing as told is not an option when the one bossing you around is a cyber-criminal.

Where does MafiaWare Ransomware come from?

It is not exactly clear where MafiaWare Ransomware was developed, but from its structure, we can tell that the program is based on the HiddenTear Ransomware. This malware family could also be called the Crysis Ransomware group. It suggests that this program is closely related to HappyLocker Ransomware, Payday Ransomware, and several other applications that come with the same source code. On the other hand, it does not mean that all of them were created by the same developers. It could be that different hackers are using the same source code to create individual versions of their own ransomware infection.

However, that individuality only goes so far, because MafiaWare Ransomware employs a very common ransomware distribution method: spam emails. It means that the program that crippled your computer came with an email attachment you recently downloaded onto your system. Perhaps that attachment looked like a genuine document file, and you thought that opening it would provide you with some useful information. Unfortunately, this file installed MafiaWare Ransomware on your computer, and now you have to deal with the consequences.

To avoid such infections in the future, please be sure to check whether an email message has come from a reputable source. Scanning file attachments with a security tool would also decrease the possibility of a malicious infection.

What does MafiaWare Ransomware do?

This program behaves like most of the other ransomware infections out there. It encrypts your picture and document files with the AES-256 encryption algorithm, making it virtually impossible to restore your files manually. Seeing how the previous versions of the HiddenTear ransomware would target files in the %USERPROFILE% directory, it is very likely that MafiaWare Ransomware will also do that. Hence, if you store some of your files in some other location, the chances are that these files will remain intact.

As far as the encrypted files are concerned, you will see which files have been affected by the program at once because all of them will have a new .locked-by-mafia extension. Needless to say, your system will not be able to open these files because the information within them will be scrambled at random. On top of that, the infection will also display a ransom note on your screen:

Your files has been encrypted by depsex

Pay $155 to my bitcoin address 1CS7xqkujGWQAMq1y54D68QwWKyCz266ZZ

And send the proof to my email

The ransom note implies that the person behind this infection is the only one who can restore your files. However, let us consider the origins of this ransomware again. MafiaWare Ransomware is part of the HiddenTear family. Most of the previously released infections from this group have been cracked by security specialists, and public decryption tools are available. Therefore, it is possible to assume that MafiaWare Ransomware will be cracked soon too. So when you get rid of this program, you should look for a public decryption tool on computer security websites.

How do I remove MafiaWare Ransomware?

If there is no decryption tool available, you can still get your files back from a file backup. Perhaps you have an external HDD where you keep copies of your most important files. Or maybe you have a cloud drive where you save your newest documents? The chances are that you have most of your files saved somewhere, but you are not consciously aware of that.

Please remember that if you are about to transfer healthy copies into your computer, you should remove MafiaWare Ransomware first. If the infection remains on your system, it might encrypt the new healthy files, too!

Manual MafiaWare Ransomware Removal

  1. Open the folder where you save downloaded files.
  2. Look for the most recently downloaded file.
  3. Delete the files and go to your Desktop.
  4. Delete the READ_ME.txt file with the ransom note.
  5. Run a full system scan with the SpyHunter free scanner.
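
Before restoring from backup, it helps to know exactly which files were hit. The script below is an added example, not part of the original guide or of any removal tool: it walks a folder (by default the user profile), lists every file carrying the .locked-by-mafia extension, and flags files named READ_ME.txt. It assumes the extension is appended to the original file name, and it matches the note by name only, so an unrelated READ_ME.txt will also be listed.

```python
import os
from collections import defaultdict
from pathlib import Path

LOCKED_SUFFIX = ".locked-by-mafia"   # extension named in the article
NOTE_NAME = "READ_ME.txt"            # ransom note file named in the removal steps


def inventory(root):
    """Walk root and return (locked, notes, errors).

    locked maps directory -> list of (encrypted_name, probable_original_name);
    notes lists ransom-note paths; errors lists directories that could not be read.
    """
    locked = defaultdict(list)
    notes, errors = [], []

    def on_error(exc):
        # os.walk swallows errors by default; record them so unreadable
        # directories are not silently reported as clean.
        errors.append(exc.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in sorted(files):
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # Assumption: the suffix is appended to the original file name.
                locked[dirpath].append((name, name[: -len(LOCKED_SUFFIX)]))
            elif lower == NOTE_NAME.lower():
                notes.append(os.path.join(dirpath, name))
    return dict(locked), sorted(notes), errors


def report(root):
    """Build a human-readable summary of what inventory() found."""
    locked, notes, errors = inventory(root)
    lines = []
    for directory in sorted(locked):
        lines.append(f"{directory}: {len(locked[directory])} encrypted file(s)")
        lines += [f"    {enc}  (was: {orig})" for enc, orig in locked[directory]]
    lines += [f"ransom note: {p}" for p in notes]
    lines += [f"could not read: {p}" for p in errors]
    return "\n".join(lines) or "no indicators found"


if __name__ == "__main__":
    # Defaults to the current user's profile, the location the article
    # says HiddenTear variants target.
    print(report(Path.home()))
```

The "was:" names can be compared against a backup listing to see which copies need to be restored once the infection has been removed.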