Decrypt .Oops Files Encrypted by Marlboro Ransomware - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Decrypt .Oops Files Encrypted by Marlboro Ransomware

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Marlboro .oops and other threats.
Threats such as Marlboro .oops may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article aims to display how to remove Marlboro ransomware and decrypt .oops files encrypted by it.

Ever since the .oops virus, dubbed Marlboro came out, it has been causing nothing but trouble. This ransomware type of malware aims to append AES-128 cipher in combination with RSA-2048 algorithm to render important documents, music, databases and other important files no longer openable. The user is demanded in a ransom note to pay a hefty sum of 0.2 BTC for a decryptor which cyber-criminals kindly offer. Fortunately, now, thanks to Emsisoft researchers, like Fabian Wosar, a decryptor is publicly available and we have created instructions to help you remove this virus and decrypt .oops files for free.

Marlboro Ransomware – Quick Background

When the .oops virus was initialy discovered, infections were conducted via a .bin type of file which may be spread on social media, via e-mail or via potentially unwanted applications (PUA).

The Marlboro .oops virus immediately begins to encrypt the files on the compromised computer after modifying the registry entries. The types of files the virus scans for to encrypt are multiple:

→ .mid, .wma, .flv, .mkv, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .qcow2, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .tar, .bz2, .tbk, .bak, .tgz, .rar, .zip, .djv, .djvu, .svg, .bmp, .png, .gif, .raw, .cgm, .jpeg, .jpg, .tif, .tiff, .NEF, .psd, .cmd, .bat, .class, .jar, .java, .asp, .aspx, .brd, .sch, .dch, .dip, .vbs, .asm, .pas, .cpp, .php, .ldf, .mdf, .ibd, .MYI, .MYD, .frm, .odb, .dbf, .mdb, .sql, .SQLITEDB, .SQLITE3, .asc, .lay6, ., .lay, .ms11, .sldm, .sldx, .ppsm, .ppsx, .ppam, .docb, .mml, .sxm, .otg, .odg, .uop, .uot, .potx, .potm, .pptx, .pptm, .std, .sxd, .pot, .pps, .sti, .sxi, .otp, .odp, .wks, .xltx, .xltm, .xlsx, .xlsm, .xlsb, .slk, .xlw, .xlt, .xlm, .xlc, .dif, .stc, .sxc, .ots, .ods, .hwp, .dotm, .dotx, .docm, .docx, .DOT, .max, .xml, .txt, .CSV, .RTF, .pdf, .XLS, .PPT, .stw, .sxw, .ott, .odt, .DOC, .pem, .csr, .crt, .key, .dat

After encryption, Marlboro virus appends the .oops file extension to them and they can no longer be opened, looking like the following:

In addition to this, the .oops variant of Marlboro adds a rather long .html ransom note, called “_HELP_Recover_Files_.html”. This ransom note aims to scare users into paying the sum of 0.2 BTC to the cyber-criminals to get their files back.

Fortunately, now that a decryptor has been released, all you have to do is follow the instructions below to remove the Marlboro virus and hopefully decode your files.

Remove Marlboro .oops Virus

Before the actual decryption takes place, you need to make sure your PC is secure. This is why we suggest you to follow the instructions below to eradicate any malware that may be residing on your computer and this includes the Marlboro .oops virus as well.

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...