Mr403Forbidden Ransomware is a ransomware-type infection that was discovered in mid-July, 2017. This application is semi-functional, and the good news is that it is incapable of encrypting your files. Therefore, you can remove it, and you will not have to deal with encrypted files that you could not decrypt for free. This ransomware’s developers want you to pay them money for a decryption key. However, paying a ransom is not necessary because you do not need a decryption key. In any case, whether or not this program encrypts your files (because it can be fixed) you should not cave in and pay because the price for a decryption key may not be worth your files.
If Mr403Forbidden Ransomware were to infect your PC, then it will not encrypt your files because its current iteration is unable to do that. We think that is due to the fact that its control and command (C&C) server is down, and does not send instructions to this ransomware to begin the encryption. Nevertheless, this ransomware opens a window with a ransom note. The window reads “File Anda Terkunci!!!” which means “Your File is Locked” in Indonesian. The window also features information on how to pay the ransom. Apparently, you have to contact the cyber criminals via one of the two provided email addresses that are Forbiddenmr403@gmail.com and Mr403forbidden@hotmail.com. The window also features a line where to enter the decryption key (code) and a Decrypt! button. Entering a random code will not do anything, however.
If Mr403Forbidden Ransomware were to work, then it would encrypt your files with an advanced encryption algorithm that the criminals call ./Mr403Forbidden encryption algorithm. This ransomware would also append the encrypted files with an “.alosia” file extension, so if you do not have files with this extension, then rest assured that this ransomware did not encrypt anything. It is also worth mentioning that “Alosia” is also the name of the group of cyber criminals that created this malicious application. As you can see, this program is all show but no go, so you do not have to carry out the demands imposed on your by the cyber crooks. Now let us discuss how this program is distributed.
While there is no definitive answer to how this ransomware is distributed, we think that it is likely that its developers have set up an email server dedicated to spamming the email inboxes of unwary users around the globe. The emails can be disguised as invoices, tax return forms or something of the sort to trick users into opening the file attached to the email. Indeed, in most cases, the executable of a ransomware is attached to the email, but in some cases, the emails feature direct download links to the ransomware. If the ransomware is attached to the email, then it might be disguised an MS Word or PDF document, but it is an executable (EXE) file.
In closing, Mr403Forbidden Ransomware is a potentially dangerous computer infection, but it does not encrypt your files most likely because its command and control server is offline. The fact that this ransomware does not work presents you with a unique opportunity to remove it and avoid the consequence of losing your files of which you may not have copies of. Act swiftly and delete this ransomware manually or get an anti-malware application such as SpyHunter to remove this ransomware for you.