Madek file virus is a new ransomware. Like other ransomware, it is basically a harmful program that gets on your computer and runs. It locks up your documents, photos and music and changes their extensions to .madek file extension. This post will provide you a brief summary of information related to this crypto malware and how to recover (decrypt) encrypted personal files for free.
Files encrypted by Madek ransomware
Madek ransomware virus is a type of malware that blocks access to files, by encrypting them, until the victim pays a ransom payment to the attacker. In many cases, the ransom demand comes with a deadline. If the user does not make a payment within this time frame, the amount will be higher or the encrypted photos, documents and music are gone forever. The files that will be encrypted include the following file extensions:
.qdf, .dng, .wdb, .bkf, .hkdb, .docx, .iwi, .wbm, .mlx, .zip, .itl, .xlgc, .lvl, .dazip, .sidn, .sum, .wma, .odm, .xyp, .rofl, .xar, .eps, .wdp, .ncf, .doc, .dmp, .dba, .wp4, .wps, .sidd, .itdb, .js, .xll, .ff, .p7b, .tax, .odc, .ztmp, .syncdb, .wbk, .cas, .lrf, .wbc, .epk, .forge, .fpk, .wire, .srf, .xlk, .gho, .pptm, .bc7, .pfx, .mef, .pdd, .avi, .litemod, .sid, .sav, .asset, .x3f, .xy3, .map, .1, .xld, .xwp, .wpa, .desc, .wbz, .t12, .wotreplay, .zabw, .rar, .das, .3fr, .rim, .xlsx, .xmind, .wri, .dxg, .fos, .xlsm, .zi, .wsh, .x3f, .sb, .wb2, .kdc, .d3dbsp, .mdbackup, .apk, .m3u, .hkx, .xbdoc, .rb, .arw, .jpe, .xlsm, .xpm, .zif, .dbf, .wps, .csv, .ibank, .x3d, .xdl, .bar, .ysp, .wpe, .sie, .snx, .wsc, .rw2, .css, .wpd, .bkp, .psk, .py, .p7c, .wmo, .wbd, .lbf, .wmv, .wgz, .mddata, .bik, .wpl, .ntl, .db0, .png, .fsh, .xdb, .7z, .ptx, .mov, .wp5, .pak, .pst, .svg, .rgss3a, .sis, .y, .upk, .3dm, .wpd, .zw, .pkpass, .psd, .der, .flv, .arch00, .re4, .ybk, .z, .pem, .sr2, .xbplate, .qic, .mpqge, .wp7, .pef, .crt, .bay, .cfr, .crw, .wcf, .wpw, .pptx, .xlsb, .raf, .xyw, .bc6, .pdf, .vfs0, .0, .jpg, .tor, .ppt, .kdb, .r3d, .xxx, .itm, .wmd, .xx, .vcf, .wpg, .zdb, .mcmeta, .zip, .jpeg, .wn, .wav, .iwd, .wpt, .wp6, .menu, .m4a, .wmf, .webdoc, .odt, .wm, .mp4, .m2, .1st, .z3d, .cdr, .docm, .p12, .layout, .nrw, .webp, .odp, .yml, .hvpl
The Madek ransomware virus encrypts users’ files using a hybrid encryption mode, overwrites most of the content of the original files with the encrypted data and appends the .madek extension to each encrypted file. The user who sees the files with .madek extension understands that they are locked and will remain so until he pays the attackers the required amount of money for obtaining a special key that will decrypt the files. Usually, the creators of the Madek ransomware virus leave a ransom note named ‘_readme.txt’ to users who have infected their computer with this crypto malware, indicating the required amount of ransom.
Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-514KtsAKtH Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Threat Summary
| Name | Madek |
| Type | Ransomware, Filecoder, Crypto malware, Crypto virus, File virus |
| Encrypted files extension | .madek |
| Ransom note | _readme.txt |
| Contact | gorentos@bitmessage.ch |
| Ransom amount | $980 in Bitcoins |
| Symptoms | Unable to open documents, photos and music. Your documents, photos and music have a wrong name, suffix or extension, or don’t look right when you open them. Files named such as ‘_readme.txt’, ‘#_README_#’, ‘_DECRYPT_’ or ‘_readme’ in each folder with at least one encrypted file. |
| Distribution methods | Spam mails that contain malicious links. Drive-by downloading (when a user unknowingly visits an infected website and then malicious software is installed without the user’s knowledge). Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a misleading link). Remote desktop protocol (RDP) hacking. |
| Removal | To remove Madek ransomware use the removal guide |
| Decryption | Use the Madek decryption tool |
We recommend you to delete Madek virus sooner, until the presence of the crypto malware has not led to even worse consequences. You need to follow the step-by-step instructions below that will help you to completely remove Madek ransomware from your system as well as recover encrypted files, using only few free tools.
Quick links
- How to remove .Madek file virus
- How to decrypt .madek files
- Madek decryption tool
- How to restore .madek files
- How to protect your PC from Madek ransomware virus?
- Finish words
How to remove .Madek file virus
Malware removal utilities are pretty useful when you think your computer is infected by ransomware virus. Below we will discover best tools that has the ability to identify and remove Madek crypto virus from your computer.
Remove Madek with Zemana Anti-Malware (ZAM)
Zemana Free is a malicious software scanner that is very useful for detecting and removing Madek crypto virus. The steps below will explain how to download, install, and use Zemana AntiMalware (ZAM) to scan your system and remove crypto viruses, trojans, adware, malicious software, spyware, worms for free.
- First, please go to the following link, then click the ‘Download’ button in order to download the latest version of Zemana.
Zemana AntiMalware
164984 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- Once you have downloaded the installation file, make sure to double click on the Zemana.AntiMalware.Setup. This would start the Zemana Anti-Malware installation on your machine.
- Select install language and press ‘OK’ button.
- On the next screen ‘Setup Wizard’ simply press the ‘Next’ button and follow the prompts.
- Finally, once the installation is complete, Zemana Free will launch automatically. Else, if does not then double-click on the Zemana Anti-Malware icon on your desktop.
- Now that you have successfully install Zemana Anti-Malware (ZAM), let’s see How to use Zemana AntiMalware (ZAM) to delete Madek virus from your computer.
- After you have started the Zemana AntiMalware (ZAM), you’ll see a window as displayed on the screen below, just press ‘Scan’ button . Zemana AntiMalware (ZAM) application will scan through the whole computer for the .Madek file virus.
- Now pay attention to the screen while Zemana Free scans your computer.
- Once Zemana Anti-Malware completes the scan, Zemana Anti Malware will display a screen that contains a list of malware that has been detected. Review the scan results and then click ‘Next’ button.
- Zemana Anti Malware may require a restart computer in order to complete the Madek virus removal procedure.
- If you want to permanently delete crypto malware from your system, then click ‘Quarantine’ icon, select all malware, adware, potentially unwanted applications and other items and click Delete.
- Restart your personal computer to complete the ransomware removal procedure.
How to automatically remove Madek ransomware with MalwareBytes Free
You can uninstall Madek automatically with a help of MalwareBytes AntiMalware. We recommend this free malicious software removal utility because it can easily remove ransomware, adware software, malicious software and other undesired programs with all their components such as files, folders and registry entries.
Installing the MalwareBytes is simple. First you will need to download MalwareBytes Free from the following link. Save it on your Windows desktop or in any other place.
327224 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After downloading is finished, close all software and windows on your system. Open a directory in which you saved it. Double-click on the icon that’s called mb3-setup as on the image below.
When the setup begins, you will see the “Setup wizard” that will help you install Malwarebytes on your personal computer.
Once installation is complete, you’ll see window as shown in the following example.
Now click the “Scan Now” button . MalwareBytes application will scan through the whole machine for the Madek crypto malware and other security threats. While the tool is scanning, you may see number of objects and files has already scanned.
After the system scan is complete, it will display the Scan Results. All detected threats will be marked. You can remove them all by simply click “Quarantine Selected” button.
The Malwarebytes will now remove Madek ransomware, other malware, worms and trojans and move threats to the program’s quarantine. After that process is complete, you may be prompted to restart your PC system.
The following video explains few simple steps on how to remove hijacker infection, adware and other malware with MalwareBytes Anti-Malware (MBAM).
Scan your computer and remove Madek ransomware virus with KVRT
If MalwareBytes antimalware or Zemana anti malware cannot remove this ransomware, then we recommends to run the KVRT. KVRT is a free removal utility for crypto viruses, trojans, spyware, worms and other malware.
Download Kaspersky virus removal tool (KVRT) from the link below.
129279 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the downloading process is finished, double-click on the KVRT icon. Once initialization process is finished, you will see the Kaspersky virus removal tool screen as displayed in the following example.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button to perform a system scan for the Madek crypto malware and other known infections.
As the scanning ends, you may check all items found on your machine as shown in the figure below.
You may delete items (move to Quarantine) by simply press on Continue to start a cleaning process.
How to decrypt .madek files
As mentioned earlier, the ransom payment is the only way to decrypt .madek files, unfortunately. After the user transfers the specified amount of money (usually $300-$1000 in Bitcoins) to the scammers, they provide a private key to decrypt the affected data.
However, it should be noted that the transferred amount of money to creators of the Madek crypto virus is not yet a guarantee that the user will receive a code to decrypt the locked files. Very often, after receiving the ransom, cyber frauds impose new requirements for the transfer of an even larger amount of money. It is impossible to predict unambiguously what will be the actions of scammers who developed the Madek crypto virus, but it is safe to say that these actions are immoral and illegal.
Files encrypted by Madek ransomware
However, it is not necessary to pay the scammers a ransom payment, the best option in case of infection of this ransomware virus is to archive the files that were affected by it, until the moment of obtaining the Madek decryption utility. On this article below you will find effective steps on how to recover (decrypt) encrypted photos, documents and music for free.
Madek decryption tool
With some variants of Madek ransomware, it is possible to decrypt encrypted files using free tools listed below.
Michael Gillespie (@) released the Madek decryption tool named STOPDecrypter. It can decrypt .Madek files if they were encrypted by one of the known OFFLINE KEY’s retrieved by Michael Gillespie. Please check the twitter post for more info.
Madek decryption tool
STOPDecrypter is a program that can be used for Madek files decryption. One of the biggest advantages of using STOPDecrypter is that is free and easy to use. Also, it constantly keeps updating its ‘OFFLINE KEYs’ DB. Let’s see how to install STOPDecrypter and decrypt .Madek files using this free tool.
- Installing the STOPDecrypter is simple. First you will need to download STOPDecrypter on your Windows Desktop from the following link.
download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip - After the downloading process is done, close all applications and windows on your machine. Open a file location. Right-click on the icon that’s named STOPDecrypter.zip.
- Further, select ‘Extract all’ and follow the prompts.
- Once the extraction process is finished, run STOPDecrypter. Select Directory and press Decrypt button.
How to restore .madek files
In some cases, you can restore files encrypted by Madek ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted personal files.
Use shadow copies to recover .madek files
In order to restore .madek files encrypted by the Madek crypto virus from Shadow Volume Copies you can run a tool named ShadowExplorer. We advise to use this solution as it is easier to find and recover the previous versions of the encrypted files you need in an easy-to-use interface.
Please go to the link below to download ShadowExplorer. Save it on your Desktop.
439623 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
When downloading is finished, extract the saved file to a folder on your system. This will create the necessary files as displayed on the image below.
Run the ShadowExplorerPortable program. Now choose the date (2) that you wish to recover from and the drive (1) you want to recover files (folders) from like below.
On right panel navigate to the file (folder) you wish to restore. Right-click to the file or folder and click the Export button as shown below.
And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Run PhotoRec to restore .madek files
Before a file is encrypted, the Madek ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file recover apps such as PhotoRec.
Download PhotoRec on your Microsoft Windows Desktop by clicking on the link below.
When the download is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the screen below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will display a screen as shown on the image below.
Choose a drive to recover as shown in the following example.
You will see a list of available partitions. Choose a partition that holds encrypted files as on the image below.
Press File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is finished, click OK button.
Next, click Browse button to choose where restored files should be written, then click Search.
Count of recovered files is updated in real time. All restored photos, documents and music are written in a folder that you have selected on the previous step. You can to access the files even if the recovery process is not finished.
When the restore is done, click on Quit button. Next, open the directory where restored personal files are stored. You will see a contents as on the image below.
All recovered documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your PC from Madek ransomware virus?
Most antivirus applications already have built-in protection system against the ransomware virus. Therefore, if your computer does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your personal computer from Madek crypto malware
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Click the link below to download HitmanPro.Alert. Save it to your Desktop.
After the download is complete, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. Once the tool is started, you’ll be shown a window where you can choose a level of protection, as shown on the image below.
Now press the Install button to activate the protection.
Finish words
After completing the step-by-step tutorial shown above, your computer should be clean from Madek ransomware virus and other malicious software. Your machine will no longer encrypt your personal files. Unfortunately, if the instructions does not help you, then you have caught a new ransomware virus, and then the best way – ask for help here.
Hi,
this is hiralal my pc infected ransonware .madek & i am trying to remove it but didn’t it.i was try no of things but failed.
can you help to remove this ransonware.
To remove madek ransomware we recommend you to use malware removal software listed above.