Mobef Ransomware Encrypts Using .KEYZ Extension

There have been many ransomware attacks reported this year, and the number is still climbing. The reports are alarming: large amounts of data have been encrypted by this class of malware. Mobef Ransomware is yet another nasty sample, known to use the DES encryption algorithm. Its creation makes the hackers' intention evident: they wanted something nastier and unfamiliar enough to be hard to cope with. According to researchers, this ransomware uses the RSA algorithm with AES-128 ciphers and demands a ransom for decrypting the files. It is considered highly dangerous because it employs an exploit kit, which works through drive-by downloads of files. As soon as the system is infected, users are greeted with a message asking them to pay the ransom for the decryption tool. The message reads: “Your files are now encrypted. I have the key to decrypt them back. I will give you a decrypter if you pay me. Email me at: [email protected] or [email protected]”. If you are seeing this message, it is a clear indication that your PC has been infected.

Threat Summary: Mobef Ransomware

Alias:        Mobef
Type:         Ransomware
Encryption:   Encrypts files using the RSA algorithm with AES-128 ciphers
Symptoms:     Encrypted files become inaccessible, along with a .txt file with instructions demanding ransom
Distribution: Drive-by download, file sharing over the network

The malware drops malicious executable files on the targeted PC, and these are mainly responsible for encrypting the files and stored data:

  • Tmp.exe
  • 33.tmp.exe
  • Ransom.Mobef.A.exe

This ransomware is also known to create and modify Windows registry entries. Mobef ransomware is reported to encrypt data using strong AES as well as DES algorithms. Once the files are encrypted, it becomes almost impossible to access them. If users attempt to open the encrypted files, they are confronted with the message to pay the ransom to the hackers to get the data decrypted.

The registry key that is usually modified is:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

What is more annoying, Mobef Ransomware might change the desktop background to the ransom message, the same one found in the .txt file placed alongside the encrypted files. It therefore becomes necessary to remove Mobef Ransomware to free your PC from the clutches of this malware. This is not the only instance where ransomware has been a great nuisance; many other cases have been reported in which hackers adopted nasty encryption techniques to target computers everywhere.
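A triage check built from the indicators on this page, added here as an example and not taken from the original article: it parses `reg query` output for the Run key above and flags values whose target matches one of the dropped file names, and separately picks out files carrying the .KEYZ extension from the title. That the dropped executables are registered under the Run key is an assumption, and the sample registry output and file paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from this page. "Tmp.exe" is a generic name, so treat a
# match as a lead to investigate, not as proof of infection.
DROPPED_NAMES = {"tmp.exe", "33.tmp.exe", "ransom.mobef.a.exe"}
ENCRYPTED_EXT = ".keyz"

# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def executable_from_command(command):
    """Lower-cased file name of the program a Run value launches."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first ".exe" so paths with spaces survive.
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return PureWindowsPath(path).name.lower()

def suspicious_run_values(reg_query_output):
    """(name, command) pairs whose target matches a dropped file name."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and executable_from_command(m["data"]) in DROPPED_NAMES:
            hits.append((m["name"], m["data"]))
    return hits

def encrypted_files(paths):
    """Paths whose final extension is .KEYZ, compared case-insensitively."""
    return [p for p in paths if PureWindowsPath(p).suffix.lower() == ENCRYPTED_EXT]

# Constructed sample input, not taken from a real host.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\33.tmp.exe
    Helper    REG_SZ    "C:\Users\alice\AppData\Roaming\Ransom.Mobef.A.exe" -s
"""
SAMPLE_FILES = [r"C:\Users\alice\Documents\report.docx.KEYZ",
                r"C:\Users\alice\Documents\notes.txt", r"D:\share\budget.xlsx.keyz"]

if __name__ == "__main__":
    print("Run values to review:", suspicious_run_values(SAMPLE_REG))
    print("Files with .KEYZ:", encrypted_files(SAMPLE_FILES))
```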

https://www.theguardian.com/technology/2015/feb/03/hackers-websites-ransom-switching-encryption-keys