Math Ransomware

What is Math Ransomware?

It seems that Math Ransomware is a file-encrypting threat that is targeted at users who speak Italian. As you see, the malware shows a message that is written almost entirely in Italian. It should appear as soon as the malicious application encrypts files and marks them with the .math extension. If you want to know more about how this threat works as well as where it might come from and how it could be erased, we encourage you to read our full article. For users who not only want to read about the malware but also learn how to remove Math Ransomware manually, we can offer our deletion instructions that are available at the end of this article. If you have any questions, do not hesitate to contact us by leaving us a message in the comments section.

Where does Math Ransomware come from?

Research revealed that the Math Ransomware’s victims could be tricked into opening the malware. Our researchers at Anti-spyware-101.com say that its launcher could have a PDF’s icon. Thus, the file might look like a document and not raise any suspicion. However, even if the malwares launcher does not look harmful, it is likely that it ought to come from untrustworthy sources. For example, it could be sent via email or offered on unreliable websites. Thus, users who want to keep away from similar threats should never open data from untrustworthy sources even if it seems harmless. If you must interact with questionable files, you should at least check them with a legitimate antimalware tool first.

How does Math Ransomware work?

The malware should start with creating files in the %LOCALAPPDATA% and %APPDATA% directories. Our researchers say that the threat may create its files in folders called Drpbx and Frfx so that it would look like they belong to legitimate applications. Afterward, Math Ransomware ought to start encrypting pictures, videos, various documents, and other personal files with a strong encryption algorithm. During this process, the targeted files should become unreadable as well as get an additional extension called .math.

Soon after encrypting all targeted files, Math Ransomware should show a message written in Italian. It should explain what the threat did to a victim’s files and that they can only be restored with special decryption tools that the malicious application’s creators have. Unfortunately, hackers want to be paid in Bitcoins in exchange for the decryption tools and they threaten to erase data if victims do not pay ransom or try to delete Math Ransomware. What you should know is that even if you pay ransom in time, it does not guarantee that hackers will hold on to their promises. Therefore, we advise not to put up with any demands if you do not want to risk your money.

How to remove Math Ransomware?

Victims can try to erase Math Ransomware manually, although it might not be an easy task. Still, if you think you are up to it, you could use our deletion instructions that are available below this paragraph. The other way to eliminate Math Ransomware is to get a legitimate antimalware tool, scan your computer with it, and then click its presented removal button to get rid of all detections at once.

Erase Math Ransomware

1. Tap Ctrl+Alt+Delete.
2. Open Task Manager and click on Processes.
3. Find a process belonging to the malware.
4. Select it and click End Task.
5. Close Task Manager.
6. Press Windows key+E.
7. Search these directories:
   %USERPROFILE%\Desktop
   %USERPROFILE%\Downloads
   %TEMP%
8. Look for the malware’s installer, right-click the malicious file, and press Delete.
9. Find this folder: %LOCALAPPDATA%
10. Locate a folder called Drpbx; you should find a file titled drpbx.exe inside of it.
11. Right-click the folder titled Drpbx and select Delete.
12. Go to: %APPDATA%
13. Find a folder called Frfx: it ought to contain a file named firefox.exe inside of it.
14. Right-click the folder called Frfx and select Delete.
15. Locate this path: %APPDATA%\System32Work
16. Find the following files:
    Address.txt
    dr
    EncryptedFileList.txt
17. Right-click these files separately and press Delete.
18. Exit File Explorer.
19. Press Window key+R.
20. Type Regedit and press Enter.
21. Navigate to: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
22. Right-click a value name belonging to the threat, for example, firefox.exe, and choose Delete to erase it.
23. Exit Registry Editor.
24. Empty Recycle Bin.
25. Restart the computer. Download Removal Tool100% FREE spyware scan and
    tested removal of Math Ransomware*