Emsisoft Decrypter for MRCR 1.0.0.34

Published by

Emsisoft Decrypter for MRCR decrypts the Merry X-Mas strain of ransomware that surfaced in December 2016.

Emsisoft Decrypter for MRCR decrypts the Merry X-Mas strain of ransomware that surfaced in December 2016.The Merry X-Mas ransomware is known to be distributed via SPAM emails that appear to be from the FTC, for instance, notifying you to an alleged violation of the Consumer Credit Protection Act and leads the recipient to click on a link that supposedly goes to the agency. It does not. It directs you to a domain for the malware developer called govapego dot com. Once the link is clicked, it will promptly download a zip file containing complaint.pdf.exe or COMPLAINT.pdf depending on whether or not Windows extensions are disabled. If this is clicked on the installer will covertly wait for some time before starting to encrypt your files.This particular strain is written in Delphi and utilizes custom encryption algorithms that will have either ".PEGS1," ".MRCR1," ".RARE1," ".MERRY", or ".RMCM1" as an extension. The ransom note asks victims to contact either "comodosec@yandex.ru" or "comodosecurity" via the secure mobile messenger Telegram and will be named "YOUR_FILES_ARE_DEAD.HTA".To begin decrypting your files you'll need a file pair that consists of an encrypted file and the non-encrypted version of the same file, they need to be between 64 KB and 100 MB in size. As with other Emsisoft Decrypters, you will select both then drag n' drop them onto the executable to initiate decryption.
  Download