MauriGo Ransomware is one of those nasty infections that enter computers illegally and then mercilessly encrypt users’ personal files. It uses AES-256 encryption to lock the files, and there is only one obvious reason why it has been programmed to do so: to help cyber criminals obtain money from ordinary users. If your files have already been locked, i.e. you have noticed that you can no longer open your documents, videos, pictures, and many other files, and you can locate a ransom note demanding money from you, the ransomware infection has already done its job. You cannot turn the clock back, but you can purchase the decryption key from the cyber criminals. Of course, our specialists do not recommend doing this because the chances are high that you will not get any decryptor. Even if you get it, there is no guarantee that it will work, so if you want a piece of advice from us, it would be best to delete the ransomware infection fully and then recover the files from a backup, if possible.
We are sure it will not be difficult to notice that MauriGo Ransomware has entered the system because it marks all your files with the .encrypted filename extension, and, on top of that, you will find READ_TO_DECRYPT.txt dropped on your computer. This file is a ransom note that explains to users how to unlock their files. First, it tells users why they can no longer open their files: “Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key. This key is currently being stored on a remote server.” Victims can purchase this key and unlock their files. Its price is 0.7 BTC (~6,209 USD) if only one machine on the network has been affected. If more computers are affected, decrypting the files stored on all of them will cost 5 BTC (~44,125 USD). The ransom must be sent to the provided email address, and then users have to open the website indicated in the ransom note and leave a comment for the cyber criminals. They promise to reply with the decryption key(s). Users can also upload 2 files on the website to get them decrypted for free. Even if you receive those two files unlocked, there are no guarantees that you will get the decryption tool after you send money, so you should not purchase it. There might be no other free way to unlock files except for restoring data from a backup. Before you try any file recovery method, remove the ransomware infection from the system fully.
It is still unclear how MauriGo Ransomware is distributed because it is a newly discovered infection, but, like many other similar infections, it is most likely distributed via spam emails, researchers say. Ransomware infections are spread as attachments, and it is not always easy to tell that an attachment is malicious since these files are often made to look harmless. For example, you might see an invoice attached, but it might contain malicious software, so you should not open any attachments from spam emails. Of course, this might not be enough to protect the system against malware since these infections might be distributed using other methods too. Because of this, we recommend that you also keep a security application enabled on the system. It will not allow even the most harmful infections to enter the system if it stays active 24/7 and gets updates periodically.
Since the ransomware infection does not drop any additional files except for the ransom note, its removal will not be a complicated procedure. To be more specific, you will only need to remove READ_TO_DECRYPT.txt, which is the ransom note, and all recently downloaded files. It is very important to remove the launcher of the ransomware infection so that it cannot start working again. If you have never deleted a ransomware infection manually, you should use our manual removal guide provided below. Alternatively, all infections can be deleted automatically. Keep in mind that erasing the ransomware infection will not unlock a single encrypted file.
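The indicators named above (the .encrypted extension and READ_TO_DECRYPT.txt) and the advice to look at recently downloaded files can be combined into a read-only triage pass, shown here as an added example that is not part of the original removal guide. The function names, the 24-hour window, and the sample file tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "READ_TO_DECRYPT.txt"   # ransom note name given in the article
LOCKED_EXT = ".encrypted"           # extension given in the article

def triage(root, window_hours=24):
    """Walk root read-only; return notes, locked files, first encryption
    time, and unencrypted files written shortly before that time."""
    notes, locked, others = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
            elif name.lower().endswith(LOCKED_EXT):
                locked.append((mtime, path))
            else:
                others.append((mtime, path))
    first_hit = min((m for m, _ in locked), default=None)
    recent = []
    if first_hit is not None:
        # Assumption: the launcher was written within window_hours
        # before the first file was encrypted.
        start = first_hit - window_hours * 3600
        recent = sorted(p for m, p in others if start <= m <= first_hit)
    return {"notes": sorted(notes), "locked": sorted(p for _, p in locked),
            "first_hit": first_hit, "recent": recent}

def build_sample(root):
    """Constructed sample tree for demonstration; not real victim data."""
    base = 1_700_000_000
    layout = {"docs/report.docx.encrypted": base, "docs/READ_TO_DECRYPT.txt": base + 5,
              "pics/a.jpg.encrypted": base + 60, "Downloads/invoice.exe": base - 3600,
              "Downloads/old_setup.exe": base - 30 * 86400}
    for rel, mtime in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"sample")
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample(tmp))
        for key in ("notes", "locked", "recent"):
            print(key, [str(p) for p in result[key]])
```

The script only reads file metadata; the files listed under `recent` are candidates to review before deletion, not a confirmed launcher.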