Mbed Ransomware

File-encryption Trojans are running rampant online, and you should stay one step ahead of them by investing in reputable data backup services and reliable anti-virus software. Failing to stop a ransomware attack can have devastating consequences for your files because these cyber-threats are able to inflict long-term damage to your file system, which is impossible to reverse without acquiring the decryption key stored on the servers of the attackers. Unfortunately, this task is not always achievable since some ransomware families (like the STOP Ransomware) are very secure, and they cannot be deciphered for free.

One of the most recent updates to the STOP Ransomware is the Mbed Ransomware – it does not contain any improvements in terms of functionality, but it is still impossible to decipher for free. The only main differences between the Mbed Ransomware and some of the past STOP Ransomware variants is that it uses the '.mbed' extension to alter the names of locked files, and then features the contact addresses salesrestoresoftware@firemail.cc and salesrestoresoftware@gmail.com in the ransom note.

The full instructions of the attackers are found in the text file '_readme.txt,' which is usually placed on the desktop after the Mbed Ransomware completes its attack. According to their message, the perpetrators want to be paid $490 (later increased to $980) via a Bitcoin transaction, and, in exchange, their victims will get access to a working data decryption option.

It is not a good idea to cooperate with the attackers, and we advise victims of the Mbed Ransomware to seek for alternative recovery options. Their top priority should be to ensure the Mbed Ransomware's removal with the help of a trustworthy anti-virus scanner.