
Mobef-Salam Ransomware

Posted: February 26, 2018

The Mobef-Salam Ransomware is a variant of the Mobef Ransomware, a Trojan that can use multiple encryption algorithms to block your files, with recreational and workplace media being the most at-risk targets. Malware experts verify that the Mobef-Salam Ransomware's campaign uses infection methods targeting Italian PC owners, but its features can hold content hostage equally well anywhere in the world. Users should keep backups for recovering from any infection and use anti-malware programs to uninstall the Mobef-Salam Ransomware safely.

Italy Gets a Taste of Trojan 'Peace'

Over the past two years, the Mobef Ransomware family has had minimal activity compared to high-profile threats like the RaaS-based Crysis Ransomware or the 'freeware' Hidden Tear Trojan. However, a new and apparently inexperienced threat actor is beginning to use this family's code in his file-locking attacks. The new version he's distributing, the Mobef-Salam Ransomware, uses an Arabic-based theme but, so far, is being seen only in Italy.

The infection methods that the Mobef-Salam Ransomware's campaign may be using include all of the following possibilities:

  • E-mail attachments may hide Trojan-downloading exploits inside document macros and similar security vulnerabilities.
  • The Mobef-Salam Ransomware's threat actor may employ exploit kits (such as the recent Nebula Exploit Kit, which is a notable file-locker Trojan distributor) to install the threat whenever a Web browser without extra protection loads a compromised domain or ad-serving network.
  • Some attacks also use bundles with torrents and similar file-sharing apparatus, although this tactic is less frequent than those above.

The Mobef-Salam Ransomware retains a complete file-locking feature that can automatically block documents, pictures, and similar media, which is the primary purpose of any infection. Since the Mobef Ransomware family includes support for multiple encryption algorithms, malware experts can't determine the compatibility of any hostage files with any free 'unlocking' software, although victims may provide samples to interested cyber-security specialists for further investigation. You may also experience supporting symptoms, such as changes to your wallpaper, pop-ups, or new extensions that the Trojan adds to the names of any files.

Culling the Mobef Ransomware Family's Latest Offspring

All victims of the Mobef-Salam Ransomware infections, for now, reside in Italy, which is not an uncommon choice for a file-locker Trojan's campaign. However, the Mobef-Salam Ransomware's author is using English-based notes for collecting money afterward. These messages use unusual names and extensions ('READ.4YOU') that aren't traditional for the Mobef Ransomware family or most other families. The limited instructions provide an e-mail address for negotiating and ask for Bitcoins in exchange for the decryptor that, potentially, unlocks your files.

Paying that ransom doesn't always give a victim the supposed decryption service they're buying, and malware experts emphasize having a backup storage plan that makes any consideration of a ransom unnecessary. Even when they don't assist the purchaser, the con artists can keep Bitcoin payments without any risk of a fraud-protection refund. Besides saving a backup, users can defend their media by disabling Web-browsing scripts, turning off document macros, and letting their anti-malware products detect and remove the Mobef-Salam Ransomware.

Malware researchers are unsure whether the Mobef-Salam Ransomware will branch out to other nations in time. Whether or not it stays inside Italy's borders, the Mobef-Salam Ransomware is just one of a crop of file-locking threats that call for PC owners to review their data storage protocols on a weekly basis.
