Maze ransomware virus is a new crypto virus. Like other crypto malware, it’s basically a malicious program that gets on your PC and runs. It locks up your documents, photos and music and changes their extensions. Read below a brief summary of information related to this ransomware and how to restore or decrypt encrypted files for free.
Maze ransomware
Maze crypto virus prevents you from viewing your files. It forces you to pay the ransom through certain online payment methods in order to get your personal files back. It can be used to encrypt almost all types of files, including common as:
.rim, .iwd, .snx, .rgss3a, .jpeg, .xdl, .nrw, .slm, .docm, .1, .ws, .wmf, .qic, .py, .wpd, .wp, .pkpass, .eps, .menu, .raf, .xbplate, .psd, .mcmeta, .bkf, .big, .pfx, .m3u, .asset, .docx, .ntl, .xls, .dxg, .db0, .3fr, .tor, .odt, .wav, .syncdb, wallet, .zip, .apk, .bc7, .zabw, .wpl, .wmv, .xld, .wri, .xyp, .x3d, .ai, .wpg, .jpe, .litemod, .1st, .sr2, .ppt, .bsa, .srf, .itl, .xyw, .wpd, .wpt, .mddata, .xlsm, .kdc, .pdf, .bik, .bay, .csv, .zi, .xdb, .odp, .sid, .vtf, .xlsx, .xlsb, .yml, .qdf, .hplg, .xlk, .wpb, .wps, .wm, .odb, .svg, .forge, .hvpl, .vpk, .t12, .ysp, .srw, .cer, .sie, .pst, .3ds, .itm, .mov, .upk, .zif, .wot, .3dm, .dcr, .sum, .dmp, .xy3, .cas, .der, .zdc, .pptm, .wotreplay, .wpe, .webp, .m4a, .sav, .xlsm, .lbf, .pef, .mef, .ff, .p12, .wsd, .r3d, .wn, .dba, .blob, .xpm, .layout, .rwl, .p7c, .icxs, .mdbackup, .raw, .xbdoc, .mpqge, .wp4, .itdb, .doc, .pak, .xxx, .xml, .odc, .xwp, .esm, .das, .sidd, .wsh, .vpp_pc, .indd, .odm, .x, .wbk, .z, .iwi, .wbc, .gdb, .wpw, .gho, .zw, .crw, .sis, .avi, .psk, .p7b, .d3dbsp, .lvl, .m2, .wcf, .wbz, .wsc, .mrwref, .wmv, .css, .xlgc, .cfr, .rw2, .wp6, .wma, .wbm, .xll, .xmind, .hkx, .map, .cr2, .vdf, .webdoc, .lrf, .erf, .mp4, .wbmp, .rar, .epk, .x3f, .wmd, .vfs0, .ztmp, .mdf, .w3x, .png, .fos
Upon encryption, all encrypted photos, documents and music will then be appended with a new (random) extension (e.g., ‘photo.jpg is renamed to ‘photo.jpg.B905’). Ransomware leaves a ransom message called ‘DECRYPT-FILES.html’ with instructions for extortion and ransom payment, threatening destruction of files if payment is not made. The ransom note directs victims to make payment online in Bitcoins.
0010 SYSTEM FAILURE 0010 Attention! Your documents, photos, databases, and other important files have been encrypted! The only way to decrypt your files, is to buy the private key from us. You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data. In order to receive the private key contact us via email: filedecryptor@nuke.africa Remember to hurry up, as your email address may not be avaliable for very long. Buying the key immediatly will guarantee that 100% of your files will be restored. Below you will see a big base64 blob, you will need to email us and copy this blob to us. you can click on it, and it will be copied into the clipboard. If you have troubles copying it, just send us the file you are currently reading, as an attachment.
Threat Summary
| Name | Maze |
| Type | Ransomware, Filecoder, Crypto virus, File locker |
| Ransom note | DECRYPT-FILES.html |
| Contact | filedecryptor@nuke.africa |
| Ransom amount | $300-$1000 in Bitcoins |
| Detection Names | Win32:Adware-gen [Adw] (Avast), TR/Kryptik.ijmxi (Avira), Trojan-Ransom.Win32.Gen.qqa (Kaspersky), Artemis!F83FB9CE6A83 (McAfee), Trojan.Gen.2 (Symantec) |
| Symptoms |
|
| Removal | To remove Maze ransomware use the removal guide |
| Decryption | To decrypt Maze ransomware use the steps |
Instructions which is shown below, will allow you to remove Maze crypto virus as well as recover encrypted personal files stored on your machine drives.
Quick links
- How to remove Maze crypto virus
- How to decrypt encrypted files
- How to restore encrypted files
- How to protect your PC from Maze ransomware?
- Finish words
How to remove Maze crypto virus
There are a few methods which can be used to remove Maze ransomware. But, not all ransomware such as this crypto malware can be completely deleted using only manual ways. In many cases you’re not able to remove any ransomware using standard MS Windows options. In order to get rid of Maze you need run reliable removal utilities. Most IT security researchers states that Zemana Anti-malware, Malwarebytes or KVRT tools are a right choice. These free programs are able to search for and remove Maze ransomware from your machine for free.
How to remove Maze ransomware with Zemana Anti-malware
Zemana Anti-malware highly recommended, because it can search for security threats such Maze crypto virus,trojans, worms and other malware that most ‘classic’ antivirus apps fail to pick up on. Moreover, if you have any Maze removal problems which cannot be fixed by this utility automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.
- Visit the page linked below to download the latest version of Zemana for MS Windows. Save it to your Desktop.
Zemana AntiMalware
164032 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- Once downloading is done, close all apps and windows on your personal computer. Open a file location. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
- Further, click Next button and follow the prompts.
- Once setup is complete, click the “Scan” button . Zemana program will scan through the whole system for the Maze crypto virus and other security threats. This procedure may take quite a while, so please be patient. While the Zemana Anti Malware tool is scanning, you may see number of objects it has identified as being infected by malicious software.
- When the scan is finished, a list of all threats detected is produced. Review the report and then press “Next”. After disinfection is finished, you can be prompted to reboot your personal computer.
How to remove Maze ransomware virus with MalwareBytes Anti-Malware
You can get rid of Maze ransomware virus automatically with a help of MalwareBytes Anti Malware (MBAM). We recommend this free malicious software removal utility because it can easily remove ransomware, adware software, malware and other undesired applications with all their components such as files, folders and registry entries.
- Visit the following page to download MalwareBytes Anti-Malware. Save it on your MS Windows desktop or in any other place.
Malwarebytes Anti-malware
326385 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- Once the downloading process is done, close all programs and windows on your computer. Open a directory in which you saved it. Double-click on the icon that’s named mb3-setup.
- Further, click Next button and follow the prompts.
- Once setup is done, click the “Scan Now” button for scanning your personal computer for the Maze crypto virus, other kinds of potential threats like malicious software and trojans. This procedure can take some time, so please be patient. While the MalwareBytes Free program is checking, you can see how many objects it has identified as threat.
- When MalwareBytes AntiMalware (MBAM) has completed scanning your computer, MalwareBytes will open a list of all threats detected by the scan. You may remove threats (move to Quarantine) by simply click “Quarantine Selected”. Once that process is finished, you can be prompted to reboot your machine.
The following video offers a steps on how to delete browser hijackers, adware software and other malicious software with MalwareBytes Free.
Double-check for crypto virus with KVRT
KVRT is a free removal utility that can be downloaded and run to remove crypto viruss, adware, malware, PUPs, trojans and other threats from your PC. You can run this utility to locate threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) from the link below. Save it on your Desktop.
129056 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the downloading process is finished, double-click on the KVRT icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen like below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to perform a system scan for the Maze crypto malware and other trojans and harmful apps. Depending on your machine, the scan may take anywhere from a few minutes to close to an hour. When a malicious software, adware software or PUPs are detected, the number of the security threats will change accordingly. Wait until the the checking is done.
After KVRT has completed scanning, KVRT will produce a list of unwanted programs adware as displayed on the screen below.
Review the results once the utility has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click on Continue to start a cleaning procedure.
How to decrypt encrypted files
The encryption mode is so strong that it’s practically impossible to decrypt encrypted files without the actual encryption key. The bad news is that the only way to get your files back is to pay ($300-1000 in Bitcoins) makers of the Maze crypto virus for a copy of the private (encryption) key.
We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your personal files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.
Free malicious software removal tools listed in this article has the ability to find and remove ransomware and prevent any further damage. After that you can restore encrypted files from their Shadow Copies or using file restore tool.
How to restore encrypted files
In some cases, you can restore files encrypted by Maze ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted personal files.
Recover encrypted files with ShadowExplorer
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Installing the ShadowExplorer is simple. First you will need to download ShadowExplorer by clicking on the link below. Save it to your Desktop.
438669 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After downloading is done, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder like below.
Double click ShadowExplorerPortable to launch it. You will see the a window as shown below.
In top left corner, select a Drive where encrypted files are stored and a latest restore point as displayed on the image below (1 – drive, 2 – restore point).
On right panel look for a file that you want to recover, right click to it and select Export as on the image below.
Recover encrypted files with PhotoRec
Before a file is encrypted, the Maze ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your files using file recover programs such as PhotoRec.
Download PhotoRec on your system from the link below.
Once the downloading process is done, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the image below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will show a screen like below.
Choose a drive to recover like below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as displayed in the following example.
Click File Formats button and select file types to restore. You can to enable or disable the recovery of certain file types. When this is done, press OK button.
Next, press Browse button to choose where restored files should be written, then click Search.
Count of recovered files is updated in real time. All restored personal files are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the restore is complete, click on Quit button. Next, open the directory where restored files are stored. You will see a contents as displayed below.
All recovered photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your PC from Maze ransomware?
Most antivirus software already have built-in protection system against the ransomware. Therefore, if your PC does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your personal computer from Maze ransomware
All-in-all, HitmanPro.Alert is a fantastic utility to protect your computer from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows operating system from MS Windows XP to Windows 10.
Click the link below to download HitmanPro Alert. Save it on your Desktop.
Once the download is finished, open the folder in which you saved it. You will see an icon like below.
Double click the HitmanPro Alert desktop icon. When the utility is launched, you’ll be shown a window where you can choose a level of protection, as shown in the figure below.
Now click the Install button to activate the protection.
Finish words
Once you’ve finished the guidance above, your computer should be free from Maze ransomware and other malware. Your computer will no longer encrypt your documents, photos and music. Unfortunately, if the step-by-step tutorial does not help you, then you have caught a new ransomware, and then the best way – ask for help here.
