- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Mobef Ransomware is a vicious infection that can enter your operating system when you least expect it. In order to access computer, it needs to conceal itself, and it uses clever disguises. In most cases, ransomware infections employ spam email attacks. These attacks might be supported by social engineering scams created to extract personal information, in which case, corrupted spam emails could be addressed personally to you, and you are more likely to interact with them. Of course, other methods of distribution could be employed as well, and, in the worst case scenario, you will have this ransomware downloaded with other malicious threats. The bad news is that the ransomware alone can do a lot of damage, and most users discover this threat too late. In either case, it is important to remove Mobef Ransomware, and this report explains how to do that.
According to our researchers, there are several different versions of Mobef Ransomware. Whichever version you encounter, it will not be difficult to discover this threat once it is executed. This infection encrypts your personal files using DES, RSA, and AES encryption algorithms, and uses that as leverage to demand a ransom payment. This request will be presented to you via a pop-up notification that, in our case, appeared in a red-on-black format. If a pop-up does not show up right after execution, your operating system might be forced to restart. Additionally, text files (e.g., 5-02-2016-INFECTION.TXT) will appear in every directory containing encrypted files. Both the pop-up and the text files are created to convince you that you need to pay a ransom in order to retrieve a file decrypter. In fact, you are not told to make a payment right away. First, you are asked to contact one of the provided emails (e.g., email@example.com or firstname.lastname@example.org). After this, you are provided with further instructions regarding the payment. Obviously, you have to think very carefully before you make the payment because there are no guarantees that your files will be decrypted.
There are plenty of file extensions that Mobef Ransomware targets, including .doc, .pdf, .ppt, .xls, and .zip. This infection is meant to decrypt personal files because users are more likely to pay a ransom for them. Unlike CryptoHasYou Ransomware, Maktub Ransomware, and many other infamous threats, Mobef Ransomware does not attach an extension to the files it encrypts. This might make it more difficult for you to identify the corrupted files, but, as you try to open them, you will be shown a pop-up message indicating that Windows cannot open them. Obviously, Windows has nothing to do with the disabled access to your personal files, and it is the ransomware that is responsible for this.
If you open the Task Manager, you might be able to detect suspicious activity. For example, you might find processes with random names, and you might discover an active application called “HELLO WORLD!” or “KGB HAS YOUR KOMPUTER” or something similar. If you discover suspicious processes and applications, you definitely need to consider the activity of malicious software, including ransomware. We have also found that this malicious infection silently modifies system files responsible for file encryption (under C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ and C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\). Furthermore, this threat can contact remote servers (e.g., kentamplin.net) to transfer data. It is possible that this server will be used to store the decryption key that you need to release your personal files.
The bad news is that Mobef Ransomware is very difficult to stop. If you let it in, it immediately encrypts your personal files, and you cannot decrypt them without a decryption key that is likely to be stored in a remote server. Hopefully, your photos, documents, and other private files are backed up elsewhere, and you can eliminate the ransomware without fearing their loss. If you decide that you need to pay the ransom, make sure you weight all pros and cons because you do not want to make the wrong step. Finally, whatever your decision is, you have to make sure that you delete Mobef Ransomware. Erase all files associated with this infection – including the initial executable – and then scan your PC for any leftover infections. We suggest implementing an automated malware remover, a tool that can both erase existing malware and protect your operating system from malicious attacks in the future.
Mobef Ransomware Removal