ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Signature for MongoLock Ransom Malware
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
MongoLock is a particularly nasty malware that deletes important information on your computer and informs you that you will have to pay to get the information back. Your files are not encrypted--they are entirely deleted and unrecoverable (unless you have a backup). This malware has been seen primarily on computers in South Korea, Great Britain, the United States, Argentina, Canada, Germany, Taiwan and Hong Kong. There is no ClamAV signature (of course) for the malware at this time.

Below is an MDB signature for the latest MongoLock version seen today. Copy the signature to a Notepad file and save it in the ClamWin db program data folder. When you save the file, do not save it with a .txt or .text on the end. Just save it as Sigfile.mdb (select type All Files) to prevent the .txt or .text at the end of the filename, otherwise ClamWin will not recognize it as a signature. The MDB signatures are for important parts of a malware and will last until the next version of the malware comes out--usually in a couple of weeks, but some malware authors may reuse the same part again, so they might last for a month or so.

Thanks for using ClamWin!

262144:9a71b6ff15e71629dfa8fd517a458aa9:Win.Trojan.MongoLock-010819.1220
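
Added example, not part of the original post or of ClamWin/ClamAV: a Python sketch of what an MDB line encodes and how it matches a file, assuming the documented MDB layout of PE section size, MD5 of the section's raw data, and signature name. The helper names, the constructed PE skeleton and the `Test.Constructed.Section` signature are made up for illustration; only `PAGE_SIG` comes from the post.

```python
import hashlib, re, struct

MDB_RE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):([\w.\-]+)$")
PAGE_SIG = "262144:9a71b6ff15e71629dfa8fd517a458aa9:Win.Trojan.MongoLock-010819.1220"  # line from the post

def parse_mdb_line(line):
    """Split one MDB line into (section_size, md5_hex, name); reject malformed lines."""
    m = MDB_RE.match(line.strip())
    if not m:
        raise ValueError("not a valid MDB line: %r" % line)
    return int(m.group(1)), m.group(2).lower(), m.group(3)

def pe_sections(data):
    """Yield (section_name, raw_bytes) for each section of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    for i in range(nsec):
        off = pe + 24 + opt_size + 40 * i                # 40-byte section headers
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        yield name, data[raw_ptr:raw_ptr + raw_size]

def match_mdb(data, sig_lines):
    """Return [(section_name, signature_name)] where both size and MD5 agree."""
    sigs = [parse_mdb_line(l) for l in sig_lines if l.strip()]
    hits = []
    for sec_name, raw in pe_sections(data):
        md5 = hashlib.md5(raw).hexdigest()
        hits += [(sec_name, n) for size, digest, n in sigs
                 if size == len(raw) and digest == md5]
    return hits

def build_sample_pe(body):
    """Constructed, non-executable PE skeleton with one .text section (test data only)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 128) + b"\0" * 16
    return dos + coff + sect + body

if __name__ == "__main__":
    body = b"constructed section bytes " * 8
    test_sig = "%d:%s:Test.Constructed.Section" % (len(body), hashlib.md5(body).hexdigest())
    print(parse_mdb_line(PAGE_SIG))
    print(match_mdb(build_sample_pe(body), [PAGE_SIG, test_sig]))
```

Because the match is on an exact section size and hash, any change to that section in a new build produces no hit, which is why the post expects the signature to age out.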