Remove Marlock Ransomware
The MedusaLocker Ransomware has given many cybercriminals the opportunity to craft their own file-locker. One of the latest file-lockers belonging to this family is Marlock, or the Marlock Ransomware. When it infiltrates a system, it will encrypt files, and then append the '.marlock7' suffix to their name. The threat also drops the ransom message 'HOW_TO_RECOVER_DATA.html,' which contains instructions for the victim.
There are many active ransomware variants currently. The DecryptDelta Ransomware is another file-encryption Trojan that has been bothering users recently. Usually, their attacks are always the same - encrypting data, and extorting the victim for money.
Marlock Ransomware's note tells victims that their files have already been encrypted with RSA+AES and a copy of those encrypted files is stored on a secure private server. The criminals threaten to release the files to a 3rd-party if the victim does not pay. Victims may contact the attackers using the TOR website link or via the provided email addresses - ithelp01@decorous.cyou or ithelp01@wholeness.business. If victims do not respond within 72 hours, then the price of the decryption tool will increase.
'HOW_TO_RECOVER_DATA.html' Contains the Demands of Marlock Ransomware's Authors
Victims are warned not to rename, modify or delete files in any other way. They are also told to contact the hackers and wait for further instructions, which they should follow. These are pretty much all the contents of the 'HOW_TO_RECOVER_DATA.html' document.
It is impossible to decrypt files encrypted by Marlock Ransomware. Victims usually need to restore them from a backup. Sometimes, they can use a decryption tool downloaded online. However, paying a ransom does not ensure that the attackers will send the decryption tool. Therefore it is never a good idea to do so. Ransomware should always be removed from the infected machine immediately, otherwise it may infect other computers in the local network or encrypt other files that victims would store after the attack.