Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Nov 2018

How to remove M@r1a ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

M@r1a ransomware – a dangerous cryptovirus which urges $50 in exchange for the decryption tool

M@r1a ransomware

M@r1a ransomware, also known as .mariacbc Files Virus, appears in the computer system thanks to phishing email messages. Once installed, this cyber threat starts modifying the Windows Registry[1] by adding dubious registries to it. After this secret activity, M@r1a virus begins the encryption process. The ransomware uses unique encryption algorithms such as AES or RSA to lock important files on the infected computer and adds the .mariacbc extension to each of it. Furthermore, the virus displays a ransom message named ReadME-M@r1a.txt which purpose is to announce about the secret encryption and urge 0.002 BTC ($50) as the price needed for the decryption key. Additionally, crooks give the farhani.ma98@gmail.com email address and the @ MAF420 telegram as a way to contact them.

Name M@r1a
Also known as .mariacbc Files Virus
Category Ransomware
Danger level Very high. Locks files which can lead to permanent data loss
Appendix added .mariacbc
Ransom message ReadME-M@r1a.txt
Encryption algorithm AES-256
Ransom type 0.002 BTC ($50)
Contacts farhani.ma98@gmail.com, @ MAF420
Distribution Spam messages and their attachments
Removal Get rid of the virus and use FortectIntego to detect all damaged objects

Once M@r1a ransomware enters your computer system you will recognize this dangerous cryptovirus from its specific extension and this ransom message:

the Personal Key 
[On5niFpsfas ***] 
Warning: Please the Do not the Restart or Shutdown Your the PC, 
the If do IT Pesonal Your Files Permanently Crypted. 
For Decrypt Your Personal Just Pay 50 $ or 0.002 BTC. The Pay You the Can of After the send key to personal 
Telegram: @ MAF420 or Email: farhani.ma98@gmail.com 
The BTC Transfer the Address: 1EME4Y8zHLGQbzjs9YZ5fnbaSLt4ggkRso

As we can see, crooks who spread M@r1a ransomware demand a particular ransom which needs to be paid if wanted to receive a decryption tool for locked files. However, do not rush to trust these people. Usually, cybercriminals are very likely to scam gullible users after they get the money. We offer to stay away from any contact with the crooks. As another option, try recovering your files by using our provided data recovery tools that can be found under this article.

Sometimes, ransomware viruses[2] can cause malware infiltration. They clean paths for other viruses, and threats such as Trojans[3] can easily reach the system. This can cause even more damage and complicate the elimination process. Because of this reason, make sure you perform the M@r1a ransomware removal as soon as you spot the first symptoms that relate to this dangerous computer infection.

Even though criminals use unique ciphers such as RSA or AES to make the encoding process almost impossible to identify, you should not fall for believing in the crooks' promises as there is a very big possibility that they are false. Remove M@r1a virus and prepare for the future. Store important data on USB devices to keep it unreachable from anyone else, except you. Moreover, you should consider installing FortectIntego which will detect all the damage that was done by the ransomware.

M@r1a ransomware virus

Take precautionary steps to avoid ransomware viruses

According to tech experts from NoVirus.uk website[4], ransomware can be avoided like any other computer infection if you just put a little bit of effort of in it. Note that ransomware viruses can spread via:

  • spam messages and their malicious attachments;
  • potentially dangerous websites.

You can avoid secret ransomware infiltration by deleting all dubious messages you receive. If you find an email with some attachments that come from a questionable sender – better eliminate them, otherwise, you might get yourself and your computer system into trouble. Moreover, avoid visiting dubious-looking sites and eliminate all PUPs if you have some in your system. Adware and browser hijackers are very likely to redirect users to potentially harmful web pages.

Another good option would be to choose a reliable antivirus program and install it into your computer system. Do not hesitate to invest in a truly reputable tool as if taken care of properly, such software will protect the computer and all its system components from various threats and problems.

Terminate M@r1a ransomware

If you have spotted files encrypted with the .mariacbc extension, do not hurry to perform the decryption process with the data recovery tools. First, you need to remove M@r1a virus from your computer system, otherwise, all your activity will be useless as the dangerous cyber threat will renew itself and the encryption with the next computer boot. Use software such as FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes to find all damaged objects.

Perform the M@r1a ransomware removal by using reputable anti-malware tools. Manual elimination is not possible for this case as the cyber threat appears to be too dangerous to get rid of by your own. After the process is finished, refresh the entire computer system to ensure that no virus-related components are still active. Now, you can start thinking about the data recovery techniques. Check out our third-party provided software below this text.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.