MarioLocker Ransomware

Posted by Lisa Blanc on January 6, 2020

What is MarioLocker Ransomware?

MarioLocker Ransomware is an infection that might have been abandoned by its creator already. That is what we have to think about because one of the most important files that belong to this malware can no longer be downloaded onto the infected systems. Perhaps this is just a temporary glitch, and perhaps the file will become downloadable again. If that happens, the Anti-Spyware-101.com research team will report back to you as soon as possible. For now, it looks like we are dealing with something that might be obsolete already. That being said, it is always possible that the threat could be spread even if parts of it are dysfunctional. In most cases, ransomware is spread using spam emails or bundled downloaders, and you could always open spam emails much later on, and bundled downloaders could float around with dysfunctional malware for a long time. Whatever the case, whether or not your files were encrypted, you need to remove MarioLocker Ransomware if it got in. Continue reading, and you will learn how to delete this threat.testtest

How does MarioLocker Ransomware work?

According to our malware experts, MarioLocker Ransomware should be capable of encrypting all types of files. That means that it could be exceptionally efficient at corrupting personal files. If a ransomware threat is successful at corrupting highly important files, the victims are likely to be more willing to follow the attackers’ demands. At the end of the day, ransomware is created to make money, and full encryption of sensitive files is an important part of the attack. When files are encrypted – and that is done silently – the threat is meant to rename all o them to “.wasted{number}.” The “{number}” part in the name is a number of the file encrypted in that one folder. So, for example, if you had files named “document.pdf,” “picture.jpg,” or “text.txt” in one folder, they would be renamed to “.wasted1,” “.wasted2,” and “.wasted3.” Needless to say, this could make it impossible for you to figure out what exactly was encrypted. The names of the folders should remain untouched, and so that might help out a little bit. Unfortunately, at this point, even the full removal of MarioLocker Ransomware would not help with the recovery of all files.

After encryption, a file named “@Readme.txt” should be dropped someplace you would notice it right away. The message inside the file informs that Mario locked your files and that you need to follow the steps shown by “WastedBitDecryptor.” According to our researchers, this is an .exe file that should open instructions explaining how to pay money for a decryptor that, allegedly, would restore all encrypted files. This is the file that, at the time of research, was no longer downloadable from the attackers’ server, which means that it was not possible to know what the attackers wanted. Of course, it is most likely that they expected victims to send a specific sum of money to their accounts (most likely, in cryptocurrency) in return for a decryption tool. Well, our research team has a lot of experience with ransomware, and if we know one thing, it is that cybercriminals do not keep their promises. So, whether you face MarioLocker Ransomware, TurkStatik Ransomware, Afrodita Ransomware, or another recent file-encryptor, be careful so as not to get scammed.

How to remove MarioLocker Ransomware

Things are complicated when it comes to MarioLocker Ransomware, and even if this infection successfully encrypted your personal files, there is a good chance that you can do nothing about it. A free, legitimate file decryptor did not exist when we analyzed the threat. It is not possible to obtain a decryptor offered by the attackers. Note that this is not a real option, and we would not recommend following the attackers’ demands even if it was possible to open the WastedBitDecryptor.exe file and pay the ransom. As we mentioned earlier, you cannot recover files by deleting WastedBitDecryptor either. So, what options do you have left? Well, there seems to be one left – file backups. Do you have copies of your personal files backed up online or perhaps on external drives? If you do, remove the file-encryptor and then replace the corrupted files with copies. So, how will you remove this infection? Doing this manually is a complicated task, and so we recommend using anti-malware software. Note that it also provides your Windows system with full-time protection against malware attacks, and so you should not hesitate to install it.

Removal Guide

  1. Delete all recently downloaded suspicious files to, hopefully, delete the launcher file.
  2. Find and Delete the ransom note file named @Readme.txt (if copies exist, erase them too).
  3. Empty Recycle Bin and then quickly install a legitimate malware scanner.
  4. Run a full system scan and then erase threats or leftovers if any are found. 100% FREE spyware scan and
    tested removal of MarioLocker Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *