MafiaWare Ransomware Removal Guide

Do you know what MafiaWare Ransomware is?

MafiaWare Ransomware is a computer infection that attacks you when you expect it the least. This program does not need your permission to enter your computer, but the sad truth is that users still initiate the download and installation of this ransomware infection. How does that happen? How is it possible to remove MafiaWare Ransomware? What are the implications of this infection? If you wish to find out more, please continue reading this description. We will try to cover as much details about this program as possible, so that you would find out more about the infection.

Our research lab team says that this program is another version of the HiddenTear or Crysis Ransomware. Therefore, it is similar to Payday Ransomware, HappyLocker Ransomware, 8lock8 Ransomware, and many other infections that were based on the same malicious code. It does not mean that all of them were created by the same people, however. It is very likely that the HiddenTear ransomware code was shared among the cybercrime community, and a number of developers used it to create their own custom ransomware infection. Hence, the methods of dealing with each infection differ as well, and what can be applied to one program, may not be applicable to another.MafiaWare Ransomware Removal GuideMafiaWare Ransomware screenshot
Scroll down for full removal instructions

The best way to protect yourself from a ransomware infection is to avoid it altogether. For that, you need to know how ransomware programs spread across the Internet. Usually, they employ spam email campaigns to reach multiple computers worldwide. The same applies to MafiaWare Ransomware, as well. You must have installed this program accidentally when you opened some email attachment. Therefore, it is important to learn which attachments are suspicious and which are safe. You most probably downloaded an attachment that looked like an MS Word or Excel file. Perhaps you thought it was an invoice from an online store? Or perhaps it looked like a report from your bank? Whichever it might have been, we would like to point out that reputable companies seldom second MS Word or Excel files with important information in them. It is far more likely that your invoice will be embedded in the email message itself, or that you will find a secure outgoing link in the mail, leading you to the information on the official website.

Hence, if you are about to open an unfamiliar file attachment, you should think twice before doing so. If you are not sure, you can always scan it with a security tool, to see if it is safe or not.

However, what happens if MafiaWare Ransomware enters your computer either way? Well, this program behaves like most of the ransomware infections. It scans your system, looking for the types of files it can encrypt. Although there are ransomware programs that can encrypt almost all files on the infected computer, MafiaWare Ransomware does not do that. We have found that the program affects all document and picture file formats. So it is very likely that it will encrypt most of your frequently-used files.

Once the encryption is complete, all the affected files get a new extension: .locked-by-mafia. With that, you can easily see which files have been encrypted by the program. Aside from that, the program also drops a READ_ME.txt file on your desktop. The file comes with these instructions:

Your files has been encrypted by depsex
Pay $155 to my bitcoin address 1Cs7xqkujGWQAMq1y54D68QWWKyCz266zz
And send the proof to my email

Will the hacker issue the decryption key if you pay the ransom? The chances are pretty slim. What’s more, there is always a possibility that the server connection between the infection and its command and control center might time out, so trusting these criminals is never a good idea.

You should remove MafiaWare Ransomware from your computer right now, if you wish you restore your files. Although a public decryption tool is not available at the time of writing, you can get your files back from a system backup (if you have one). Also, users often have quite a few files stored in online drives, and even in their inboxes. So please consider all of your options because paying the ransom fee is definitely not a good idea.

How to Remove MafiaWare Ransomware

  1. Open your Downloads folder.
  2. Find the most recently downloaded file.
  3. Delete the file.
  4. Scan your computer with SpyHunter.

In non-techie terms:

MafiaWare Ransomware will encrypt your files and you will no longer be able to access them. This malicious infection wants your money, and it will try its best to convince you that if you do not pay, your files will be gone for good. Do not succumb to these threats. Remove MafiaWare Ransomware with a licensed antispyware tool and then ensure your system is safeguarded against similar intruders in the future.