It was about 10:30 on April 1st, 2020. My friend messaged me, “Bro my files are encrypted, I think my computer got struck by a virus.” I immediately called him, asked him about the situation, and asked the following questions.
Q1. What were you doing when this happened?
Ans- He said he was downloading a cracked software from a third-party website. Bingo! We got our source.
Q2. What changes occurred in the files?
Ans- The files were encrypted and changed to the .mado extension. Cheers! We got another clue.
Q3. Is there any note or readme.txt file?
Ans- Yes, there is one which says, “Don’t worry, it will all be fine, you have to purchase the software to decrypt it, which costs around $1000.” So, the case is as simple as it looks. It was a ransomware attack, the same kind we saw in the WannaCry attack.
What is a ransomware attack?
Ransomware is a malware program that restricts access to system files and folders by encrypting them. Some types of ransomware may lock the whole system as well. Once the system is encrypted, the decryption key is required to unlock the system and files.
What is the Mado virus?
Mado is a ransomware program that encrypts all your data with strong AES and RSA ciphers into unreadable .mado files. In older versions of Mado, especially before August 2019, it was easy to decrypt the files with offline decryption tools, but since August 2019 the virus in its new form can only be decrypted with a specific private key, and it is not possible for a company to develop a tool that decrypts all files, as a different private key is used for every encryption.
Why did it spread at this time?
The question sounds lame, but it is also important, because the night my friend got infected I was researching this to help him. I saw some videos about it uploaded just one or two days earlier. When I scrolled down to the comments, I found that people were suffering from it at this time only. But why?
This proves that my friend was not just an unlucky kid who got this. This was foolproof planning. The date my friend got infected was 1 April 2020; pretty good, April Fool’s, huh! But when we put it in context, we find that it is the time of the coronavirus pandemic, and what better moment to create an emergency than when most people are on the internet, which means the potential target list got some more numbers. Even if somebody got infected, they couldn’t take it to a security professional due to the worldwide lockdown and the closing of offices. So, I must say, that was a great plan.
How does it spread?
According to sources, the Mado virus usually comes bundled with cracked games and software uploaded to various third-party websites. Sometimes it spreads via e-mail using mass-mailing techniques. Once the user downloads the file or clicks on the malicious link, the virus gets into the system’s memory and then starts to show its true colors.
What does the Mado virus do?
As discussed earlier, with its strong encryption it encrypts the data in layers until the user pays the ransom in some kind of cryptocurrency like Bitcoin. The virus especially targets the user’s personal and professional data, including images, software files, important documents, etc.
What should we do when the Mado virus infects our device?
First of all, I advised turning off the firewall (if it isn’t already) and, if possible, disconnecting the device from the internet. As I talked about it with my friend, he told me that multiple third-party programs were automatically installing on his machine, on which I advised him again to disconnect it from the internet, as these third-party apps are definitely some kind of rootkits and Trojans that create remote backdoor access for the attacker over TCP or HTTP. So you should first get rid of them to avoid more damage.
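Before cleaning anything, it helps to know which files were actually hit. The script below is an added example, not code from the post: it walks a folder, lists files renamed to the .mado extension the post describes, flags the ransom note, and uses byte entropy (AES output is near 8 bits/byte, plain documents are far lower) to spot files that look encrypted but were not renamed. The note file names and the 7.5-bit threshold are assumptions, and the sample tree is constructed in a temp directory.

```python
import math
import os
import tempfile
from pathlib import Path

MADO_EXT = ".mado"
NOTE_NAMES = {"readme.txt", "_readme.txt"}   # assumed note names; the post only mentions readme.txt
ENTROPY_THRESHOLD = 7.5                      # assumed cut-off: ciphertext sits close to 8.0 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given sample (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(root: str, sample_size: int = 4096) -> dict:
    """Report .mado files, ransom notes, and high-entropy files that were not renamed.

    Caveat: already-compressed formats (zip, jpg, docx) are naturally high entropy,
    so the 'suspect' list is a starting point for manual review, not a verdict.
    """
    report = {"encrypted": [], "suspect": [], "notes": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in NOTE_NAMES:
            report["notes"].append(str(path))
            continue
        if path.suffix == MADO_EXT:
            report["encrypted"].append(str(path))
            continue
        with open(path, "rb") as fh:
            sample = fh.read(sample_size)
        if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
            report["suspect"].append(str(path))
    return report


def build_sample_tree() -> str:
    """Constructed sample: one plain document, one fake encrypted file, one ransom note."""
    root = tempfile.mkdtemp()
    (Path(root) / "thesis.txt").write_bytes(b"Lorem ipsum dolor sit amet. " * 200)
    (Path(root) / "photo.jpg.mado").write_bytes(os.urandom(4096))  # stand-in for AES output
    (Path(root) / "readme.txt").write_text("Don't worry, purchase the software to decrypt it")
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```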
How to remove it?
You can use plenty of programs, like SpyHunter 5, McAfee, etc., that will first clean the machine of Trojans, malware and other viruses, including Mado. After that you should use a decryption tool to decrypt your data. Note that the chances of data decryption are unpredictable. You can also use a data recovery tool to restore your data to its previous state.
How to avoid it?
- Frankly, you should use Windows Defender; it’s good, reliable and provides some level of protection against these threats, but make sure it’s updated from time to time.
- Don’t use cracked software or games, as 80% of the time they contain some kind of malware.
- Don’t click on spam emails or malicious links.
- Always back up your data from time to time.
- If you get infected, try not to panic and apply the above steps.
- There’s no need to pay the ransom.
In the end, be safe and be aware of this malware; it will certainly damage your data and machine. So be smart, because one mistake can make you pay severe consequences.