MADA Ransomware Removal Guide

Category: Trojans

Once a computer is infected with ransomware, you are likely to find a ransom warning. The MADA ransomware is one of the threats that displays its ransom note in a program window, demanding a $100 ransom fee that has to be paid in Bitcoin. The demand to pay the release fee in exchange for access to your encrypted data should be ignored, because this destructive threat is a money extortion tool. It is highly important to remove the MADA ransomware immediately after the infection is spotted so that further damage can be prevented.

Once on the computer, the MADA threat encrypts files and appends the extension .LOCKED_BY_pablukl0cker. In order to start running every time the computer boots, the infection creates its point of execution in the Windows Registry. Moreover, the threat hides itself by creating a copy of itself named msconfig.exe in the directory %APPDATA%\GoogleChromeUpdate. The file name msconfig is used to prevent the removal of the file, because there is a legitimate system file with the same name. The only difference is that the original msconfig.exe does not have to start running at every system startup. The legitimate file is used to launch the System Configuration utility, which helps to manage startup programs and fix certain configuration errors. The use of legitimate file names is a common hiding technique employed by hackers to make their malicious files remain on the infected device for as long as possible. As a result, when considering how to remove a computer infection, it is worth relying on a reputable security program, which is programmed to identify malicious files so that no damage is caused to the system.

The removal of the MADA ransomware should not be delayed because the MADA ransomware deletes a file every single hour. After 24 hours, more than one file is deleted every hour. The MADA ransomware also threatens that 1,000 files will be deleted if the computer is restarted or powered off and then turned on again. Very similar scare tactics are used by the Jigsaw ransomware and its later variants, one of which is the MADA ransomware.

Additionally, unlike other similar threats, the interface of the MADA ransomware enables victims to see what files are deleted for good.

Ransomware is becoming more and more popular in the dark market, enabling hackers to stay unidentified because of the use of cryptocurrency. Bitcoin has been widely used to gather ransom payments from victims, and it is likely to remain the dominant money transaction method until new, more reliable cryptocurrencies gain in popularity. New cryptocurrencies offering more privacy and anonymity to money senders are already known to cyber criminals, who are not likely to stop creating ransomware.

Since ransomware is likely to prevail for a long time, it is essential to be aware of the most common ways of ransomware distribution to avoid new attacks. Spam emails and the RDP service are two frequently used methods to spread ransomware, so you should be very careful with emails that contain questionable file attachments or links. The RDP service should be used only with a strong password, and unrecognized connections to your device should not be allowed. Other methods of spreading malware, ransomware included, should also be taken into account. For example, pop-up advertisements displayed on various questionable websites may be used to drive you to a website containing a malicious script. Moreover, malware can access your PC by exploiting system and software vulnerabilities; hence, the OS and software should be kept updated.

To remove the MADA ransomware, use either our removal guide provided below or a reputable anti-malware program. If you choose the first option, bear in mind that the system will remain without online protection. As a result, your computer remains susceptible to various threats, which access the system surreptitiously to corrupt or damage your data. Hence, choosing the second option is highly advisable so that you can have the MADA ransomware and other harmful files removed and the system shielded from online threats. Without a reputable tool you will easily put yourself in danger, so act right now to prevent new ransomware and malware attacks.

How to remove the MADA ransomware

  1. Check the desktop and the Downloads folder for malicious files. Delete questionable recently downloaded files.
  2. Access the directory %APPDATA%\GoogleChromeUpdate\ and delete msconfig.exe.
  3. Access the Windows Registry and delete the malicious registry value after following the path HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
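
An added example, not part of the original guide: a PowerShell script that checks for the artifacts named in steps 2 and 3 (the msconfig.exe copy under %APPDATA%\GoogleChromeUpdate and any HKCU Run value pointing into that directory) and counts files carrying the .LOCKED_BY_pablukl0cker extension. The -Remove switch and all variable names are this example's own; without -Remove the script only reports.

```powershell
# Added example: audit, and with -Remove clean, the MADA artifacts this guide names.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)   # -Remove is this example's own switch; default is read-only

$dropDir   = Join-Path $env:APPDATA 'GoogleChromeUpdate'
$dropFile  = Join-Path $dropDir 'msconfig.exe'
$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$lockedExt = '.LOCKED_BY_pablukl0cker'

# Run values whose command line points into the drop directory.
$badValues = @()
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded here
        if ($name -and $data.IndexOf($dropDir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $badValues += [pscustomobject]@{ Name = $name; Data = $data }
        }
    }
}

# Processes started from the dropped copy, not from the genuine system msconfig.exe.
$procs = @(Get-Process | Where-Object { $_.Path -eq $dropFile })

# Hash the dropped file before touching it, so there is a record for later analysis.
$hash = $null
if (Test-Path -LiteralPath $dropFile) {
    $hash = (Get-FileHash -LiteralPath $dropFile -Algorithm SHA256).Hash
}

# Count files already carrying the ransomware's extension in the user profile.
$locked = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File `
            -Filter "*$lockedExt" -ErrorAction SilentlyContinue)

[pscustomobject]@{
    RunValues      = ($badValues | ForEach-Object { "$($_.Name) = $($_.Data)" }) -join '; '
    RunningPids    = $procs.Id -join ', '
    DropFileSha256 = $hash
    LockedFiles    = $locked.Count
} | Format-List

if ($Remove) {
    # A running executable cannot be deleted, so stop it first.
    $procs | Stop-Process -Force
    foreach ($v in $badValues) { Remove-ItemProperty -Path $runKey -Name $v.Name }
    if ($hash) { Remove-Item -LiteralPath $dropFile -Force }
}
```

Running the script with -Remove -WhatIf lists the changes it would make without applying them.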