MrB Ransomware (.mrB Files) – Analysis & File Recovery

Home/BOTNET, Compromised, Exploitation, Internet Security, Mobile Security, Ransomware, Security Advisory, Security Update, Tips/MrB Ransomware (.mrB Files) – Analysis & File Recovery

MrB Ransomware (.mrB Files) – Analysis & File Recovery

MrB ransomware, a variant of Dharma ransomware, was identified on February 21, 2024. It encrypts files with the extension “.mrB” and targets small businesses, demanding ransom solely for file decryption without engaging in double extortion tactics. Jakub Kroustek was the initial discoverer and reporter of this ransomware strain.


MrB ransomware, a type of malware, encrypts files on a victim’s computer, rendering them inaccessible. Consequently, this ransomware variant appends the “.mrB” extension to encrypted files.

On February 21, 2024, cybersecurity researchers initially identified and reported MrB ransomware, which primarily targets small businesses. It demands ransom payment solely for decrypting files, without engaging in additional extortion tactics such as data theft.

At the end, the encrypted file name starts looking like this:

Media1.mp3 →[mirror-broken@tuta[.]io].mrB

mrB ransomware files

After encrypting a variety of file formats, including images, documents, and files from specific software suites, MrB ransomware displays a pop-up ransom note in the form of an HTA file and creates a readme text file in each folder containing encrypted files. Below, you’ll find the contents of both ransom notes.

Contents of the readme text file:

Your data has been stolen and encrypted!

email us



The most reliable option for file recovery is a decryptor tool designed for the specific ransomware family.

Researchers typically release these tools when they discover a vulnerability in the encryption mechanism or when they seize ransomware servers. Although it might seem improbable, there were four decryptors released in the first months of 2024. Stay patient, remain hopeful, and you might recover your files.

File recovery options


To remove MrB ransomware from your system, follow these steps:

  1. Disconnect from the Internet: Immediately disconnect your device from the internet to prevent further communication with the ransomware’s command and control servers.
  2. Boot into Safe Mode: Restart your computer and boot into Safe Mode to prevent the ransomware from loading at startup. This can help stop its malicious activities.
  3. Scan Your System: Use reputable antivirus or anti-malware software to perform a full system scan. Ensure that the software is up-to-date to detect and remove the ransomware and any associated files.
  4. Remove Malicious Files: Once the scan is complete, follow the prompts to remove any identified threats or malicious files associated with the MrB ransomware.
  5. Restore from Backup: If you have backups of your files, restore them from a safe backup source. Ensure that the backup is clean and free from any traces of the ransomware before restoring your files.
  6. Update Security Software: After removing the ransomware, update your antivirus or anti-malware software and perform another full system scan to ensure that your system is clean and protected.
  7. Stay Vigilant: Be cautious when browsing the internet and opening email attachments to prevent future infections. Keep your operating system and software up-to-date with the latest security patches to mitigate the risk of malware infections.

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!