Emsisoft Decrypter for Marlboro decrypts another newly discovered bit of ransomware that attacks both 32-bit and 64-bit systems.
This particular strain is written in C++ and uses an XOR-based encryption algorithm to do its dirty work. The files which have been encrypted are renamed to ".oops, " and the ransom note gets stored within a file named "_HELP_Recover_Files_.html." There is no other point of contact offered by these criminals. There is apparently a bug in this ransomware's code which causes it to truncate up to the last 7 bytes of any encrypted files which will make it impossible for Emsisoft Decrypter for Marlboro to reconstruct them. But it is noted by Emsisoft that this will not make much of a difference in the overall recovery of the data.
Emsisoft Decrypter for Marlboro will need access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the needed encryption keys. It is noted that you should not change the file names of the original and encrypted file, as file name comparisons may be performed to determine the correct file extension used for the encrypted files on your system.