Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

MGS Ransomware

Getting infected with malware is always bad news, and no one would ever want to deal with MGS Ransomware. It is a new infection from the Crysis Ransomware and Dharma Ransomware family. The program itself might not look like much, but it can easily turn your system into a locker that you cannot access anymore.

It is important to remove MGS Ransomware from your computer as soon as possible, and then look for ways to restore your encrypted files. Please bear in mind that in some cases, it might not be possible to get your files back, and you may have to start building your file library anew.

When ransomware programs come from notable ransomware families, it is easy to guess how they will act. Although it is seldom possible to apply the same decryption tool across several infections, there is also a good chance that a public decryption tool will be developed for MGS Ransomware, and it will be easier to restore your files. Nevertheless, users shouldn’t put all of their eggs in one basket. That is to say, you shouldn’t hope that someone will solve your ransomware problems. You should see to it that you do not get infected with ransomware in the first place.

In order to protect ourselves from MGS Ransomware and other similar infections, we have to learn about the ways that these programs reach their victims. Our research specialists say that this program spreads through spam and unsecured RDP connections. As usual, ransomware programs are not able to enter the target system unless the users allow them to. Now, why would anyone install MGS Ransomware on their computer? This happens because the distribution campaign tricks users into thinking that they are opening decent document files.

For example, spam email campaigns that distribute ransomware might look like notifications from online shopping stores or like some financial reports. If users are used to opening multiple emails every single day, they might not stop to think that something about this particular message or file is off.

However, you should definitely scan received files with a security tool before you open them because you can never know when you could get exposed to a ransomware infection. Although it takes additional time to scan the files you receive, it is always better to be safe than sorry. If it’s possible to avoid the likes of MGS Ransomware, you should definitely do everything you can.

Now, when MGS Ransomware enters the target computer, it doesn’t offer anything new to the researchers. It means that this program functions pretty much the same as all the other applications from the Crysis Ransomware family. The different thing is the extension that gets added to all the affected files. For example, if you have a dog.jpeg file on your computer, once MGS Ransomware is done with it, the filename will look like dog.jpeg.id-5c906126.[mrcrypt@cock.li].MGS. Please note that the ID in the extension can be unique to every single affected system. Ransomware often uses IDs to identify different instances of the same infection.
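Because the ID can differ per affected system, grouping renamed files by ID shows how many infected machines wrote to a shared folder. The following is an added example, not part of the original article: it parses the naming layout shown above, the sample listing is constructed, and treating the ID as a run of hex digits is an assumption based on the single example on this page.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Layout shown on this page: <original name>.id-<ID>.[<contact e-mail>].MGS
# Assumption: the ID is a run of hex digits, as in the page's one example.
PATTERN = re.compile(
    r"^(?P<orig>.+)\.id-(?P<id>[0-9A-Fa-f]+)\.\[(?P<contact>[^\]]+)\]\.MGS$"
)

def parse_encrypted_name(path):
    """Return original name, ID and contact address, or None if not renamed."""
    m = PATTERN.match(ntpath.basename(path))
    if m is None:
        return None
    # The ransom note prints the ID in upper case, so normalise to that.
    return {"original": m["orig"], "id": m["id"].upper(), "contact": m["contact"]}

def scope_listing(paths):
    """Group a file listing by victim ID: file count, contacts, original types."""
    by_id = defaultdict(lambda: {"files": 0, "contacts": set(), "types": Counter()})
    for path in paths:
        info = parse_encrypted_name(path)
        if info is None:
            continue  # file was not renamed by this infection
        entry = by_id[info["id"]]
        entry["files"] += 1
        entry["contacts"].add(info["contact"])
        entry["types"][ntpath.splitext(info["original"])[1].lower()] += 1
    return dict(by_id)

# Constructed sample listing; the second ID is made up for illustration.
SAMPLE = [
    r"\\fs01\share\dog.jpeg.id-5c906126.[mrcrypt@cock.li].MGS",
    r"\\fs01\share\reports\q1.final.xlsx.id-5c906126.[mrcrypt@cock.li].MGS",
    r"\\fs01\share\hr\plan.docx.id-A1B2C3D4.[mrcrypt@cock.li].MGS",
    r"\\fs01\share\readme.txt",
]

if __name__ == "__main__":
    for victim_id, entry in scope_listing(SAMPLE).items():
        print(victim_id, entry["files"], sorted(entry["contacts"]), dict(entry["types"]))
```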

Then, once the encryption is complete, MGS Ransomware will also drop a ransom note. It will open a window that says the following:

ALL FILES ENCRYPTED “RSA1024”
ALL YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL mrcrypt@cock.li
IN THE LETTER WRITE YOUR ID, YOUR ID 5C906126
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL: mr.crypt@tutanota.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON’T PULL TIME, WAITING YOUR EMAIL

It doesn’t say how much you are supposed to pay for the decryption key, but it is more than obvious that you should never contact these criminals. Please refer to the manual removal instructions below to terminate MGS Ransomware for good. If you do not want to deal with this program on your own, you can remove it automatically with a licensed antispyware tool.

If you have a file back-up, you can delete the encrypted files and just transfer the healthy copies back into your computer. If you do not have copies of your files saved someplace else, be ready to consult a professional about other file recovery options.

How to Remove MGS Ransomware

  1. Use the Win+E command to access the following directories:
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    %WINDIR%\System32\
    %APPDATA%\
  2. Delete the Info.hta file from the directories above.
  3. Press Win+R and type regedit. Click OK.
  4. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  5. On the right side, right-click and delete the values with “Info.hta” in their paths.
  6. In the same key, right-click and delete a value with a random-name EXE file.
  7. Use the Win+E command to access the following directories:
    %WINDIR%\System32\
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
  8. Delete a random-name EXE file from the directories above.
  9. Scan your computer with SpyHunter.
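A read-only audit of the locations in the steps above, as an added example that is not part of the original article: it lists Info.hta copies and the Run values worth a manual look, and deletes nothing. The function names are hypothetical, and flagging any EXE that a Run value launches from one of the listed directories is an assumption standing in for "random-name EXE", so legitimate System32 entries will also appear and need checking.

```python
import ntpath
import os
import re

# Directories and Run key named in the removal steps on this page.
STEP_DIRS = [
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%WINDIR%\System32",
    r"%APPDATA%",
]
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
_EXE = re.compile(r'"?([^"]+?\.exe)\b', re.I)

def find_info_hta(dirs=STEP_DIRS):
    """Steps 1-2: paths of Info.hta found directly inside the listed directories."""
    hits = []
    for d in map(ntpath.expandvars, dirs):
        if os.path.isdir(d):
            hits += [os.path.join(d, n) for n in os.listdir(d) if n.lower() == "info.hta"]
    return hits

def review_run_values(values, dirs=STEP_DIRS):
    """Steps 5-6: map Run value name -> reason it needs a manual look."""
    watched = {ntpath.normcase(ntpath.normpath(ntpath.expandvars(d))) for d in dirs}
    flagged = {}
    for name, cmd in values.items():
        exe = _EXE.search(ntpath.expandvars(cmd))
        if "info.hta" in cmd.lower():
            flagged[name] = "references Info.hta"
        elif exe and ntpath.dirname(ntpath.normcase(ntpath.normpath(exe.group(1)))) in watched:
            flagged[name] = "EXE inside a listed directory; verify before deleting"
    return flagged

def read_run_values():
    """Read HKLM Run values from the 64-bit registry view; empty dict off Windows."""
    try:
        import winreg
    except ImportError:
        return {}
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY, 0, access) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: str(v) for n, v, _ in (winreg.EnumValue(key, i) for i in range(count))}

if __name__ == "__main__":
    for path in find_info_hta():
        print("Info.hta:", path)
    for name, why in review_run_values(read_run_values()).items():
        print("Run value:", name, "-", why)
```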