Please note that these free tools are provided as-is and without warranty of any kind. The tools may only work with specific ransomware versions, and may not work with versions that were released after a tool was created. Technical support for the tools is available only to customers using a paid Emsisoft product.
The Marlboro ransomware was first seen on January 11th, 2017. It is written in C++ and uses a simple XOR-based encryption algorithm. Encrypted files are renamed to ".oops". The ransom note is stored inside a file named "_HELP_Recover_Files_.html" and includes no further point of contact.
Due to a bug in the malware's code, the malware will truncate up to the last 7 bytes from files it encrypts. It is, unfortunately, impossible for the decrypter to reconstruct these bytes.
To use the decrypter, you will require an encrypted file of at least 640 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.