1 of 3
Danger level 9
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • Annoying Pop-up's
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Maktub Ransomware

Maktub Ransomware is a new malicious threat that can cause irrevocable damage to your personal files, such as photos, videos, and databases if it manages to slither onto your system. This Trojan ransomware installs itself onto your computer without your permission or knowledge. You have no chance to notice its presence since it may finish encrypting your files within a minute or two. You will, of course, know about its vicious act once it reveals itself through a ransom note it displays on your desktop. Although this malware infection does not seem to lock your screen and block executable files, it is still a severe hit to your computer and to you personally as well, since you will not be able to recover your files unless you pay these criminals or you have a backup copy. The usual amount for ransom fees is a few hundred dollars. You really need to consider two things here: one, are your files really worth that much and two, do you really believe that these criminals will keep their promise and send you the private key? Although we may not be able to help you with the decryption of your files, we can tell you this: You must remove Maktub Ransomware ASAP; otherwise, all your new files may get encrypted and it will not be secure to use your computer – if you can at all.

If you want to prevent similarly shocking experiences from happening, you should know how this and other Trojan ransomware programs can infiltrate your system. The most common method is spreading Trojans via spam e-mails and mostly in attachments. These attached files can usually be images, videos, but in this case, Maktub Ransomware seems to be distributed in a zipped Word document. If you download this file, unzip it, and run it, you trigger the Trojan, which in return will start its vicious business of encrypting your files. In other cases it is also possible that there is a corrupt link in the body of the spam mail, or even opening the mail might trigger the drop. Therefore, we suggest that you be very careful in the future with opening your e-mails. Do not take it for granted that whatever mails you find in your inbox they are all trustworthy. Cyber criminals may always be one step ahead of spam filters. We advise you to only open mails that you are actually expecting.

Let us tell you about another method, which might not concern this particular ransomware but it is still a frequently used way to infect computers with dangerous threats. This is done by corrupt image and video links that you may be exposed to via social networking sites, such as Facebook and Twitter. These links can be on your wall, among your feeds, or even in chat windows seemingly coming from friends. You need to think twice before clicking on these links because you may easily drop a bunch of “nasties” onto your computer and before you know it, a ransom note might come up on your screen. We hope that it is clear for you that you must delete Maktub Ransomware and any other infections you may find on your computer because otherwise you will not be safe. You should do this even if you cannot recover your files for some reason.

We have mentioned that this Trojan is spread as a zipped Word document. However, the sample that we tested was an ".exe" file that had a notepad icon; most probably it was disguised to confuse users to make them believe it is actually a text file. The moment this ransomware is installed, it starts to encrypt your files, including your photos, videos, documents, program files, and databases as well. In the first minute of its operation, this infection pops up a Rich Text File with a relatively long text in it that looks like some sort of a privacy statement update. We have found that this text may simply be a distraction so that the encryption process can continue without being noticed.

After a minute or two, the desktop icons are put in a folder called "backup_eqijxri” and then, a ransom note window pops up with a "Maktub locker" label and a timer running. Instead of the usual 72 hours, Maktub Ransomware only gives you 12 hours to comply with the demands. If you fail to do so, the server will automatically delete the private key after your time is up. The encrypted files get an ".eqijxri" extension, which is probably a random string and can be different for each and every computer user. You need to know that without the private key it is impossible to decipher your files, i.e., you lose them forever. It is your decision to make whether you pay these criminals or not. But please consider that you may be supporting crooks to fund newer attacks against other computer users or companies. Also, even if you cannot recover your files, you should act immediately and remove Maktub Ransomware from your system before it can cause more damage to your new files.

Nowadays more and more users tend to make backup copies of their files onto external hard disks or online cloud storages. However, let us tell you this: Some Trojan ransomware infections are capable of attacking online storages through your computer, i.e., access your files in your cloud storage and encrypt them, too. External drives may also be infected if they are connected to your PC at the time of the vicious hit; therefore, we suggest that you keep these drives unplugged when not in use. If you are one of the lucky ones and you have your backup, you should first remove Maktub Ransomware and all other potential threats before you transfer your files back to your PC. Fortunately, it is not at all difficult to eliminate this ugly threat. Please follow our instructions below to clean this dangerous infection from your computer. If you are in doubt regarding whether there are other malware threats on your system, we recommend that you download and install a reliable and up-to-date anti-malware application.

Remove Maktub Ransomware from your Windows

  1. Press Ctrl+Shift+Esc keys at the same time to launch Task Manager.
  2. Find and select the malicious process in the process list. The name will be the same as the malicious file’s and it could be different for every user.
  3. Press End task and exit the Task Manager.
  4. Press Win+E to launch the File Explorer.
  5. Locate the malicious file and delete it. (It should be where you extracted it.)
  6. Remove all the .html files ("_DECRYPT_INFO_[eqijxri].html") from your desktop. (These may be created after each file that is encrypted. “eqijxri” is a random string that is identical to the extensions your files got from this infection.)
  7. Empty your Recycle Bin.
  8. Restart your computer.
Download Spyware Removal Tool to Remove* Maktub Ransomware
  • Quick & tested solution for Maktub Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.