
Motd Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: March 21, 2017
Last Seen: February 18, 2022
OS(es) Affected: Windows

The Motd Ransomware is a ransomware Trojan that uses an advanced RSA encryption algorithm to lock the victim's files. The Motd Ransomware uses a strong encryption method that prevents the victims from deciphering the files that have been encrypted during the attack. The Motd Ransomware takes the victims' files hostage by encrypting them and withholds the decryption key needed to decipher them until a large ransom is paid (using an anonymous payment method). This is a strategy used by many encryption ransomware Trojans, which are among the most common types of currently active threats.

Email Attachments may Bring the Motd Ransomware to Your Computer

The Motd Ransomware is distributed in a variety of ways, which may include hacking into a victim's computer or through Torrent networks and shady Websites. However, like most ransomware Trojans, the most common way of distributing the Motd Ransomware is through the use of corrupted files attached to spam email messages. These attachments use corrupted scripts to download and install the Motd Ransomware on the victim's computer. The Motd Ransomware writes its ransom note to /etc/motd, the file that UNIX-like systems use for the 'message of the day' shown at login. The Motd Ransomware, like most ransomware Trojans, will encrypt a wide range of file types. However, the Motd Ransomware's intended targets are high-profile ones, and it was designed to carry out an especially effective attack against Web servers.

How the Motd Ransomware Carries out Its Infection

Although the Motd Ransomware is designed to cause the most damage in attacks against servers, the Motd Ransomware can also mount an effective offensive against regular computer users. In its current form, the Motd Ransomware is targeting computers using Linux or other UNIX-based operating systems. This makes the Motd Ransomware somewhat of a rarity, since most ransomware Trojans target computers using the Windows operating system, and there is often the mistaken notion that Linux operating systems, which are frequently used for servers, are completely immune to threats. Once the Motd Ransomware has encrypted a file, the Motd Ransomware will change its extension by adding the ending '.enc' to the affected files. The Motd Ransomware is a sophisticated threat, which looks for high-profile targets and demands a very high ransom amount of 2 Bitcoin. The victims of the Motd Ransomware attack are instructed to contact the con artists through email. Up until now, PC security researchers have connected the Motd Ransomware to several email addresses, including the following:

  • johnmorcbw@seznam.cz
  • peyton7zdupont@seznam.cz
  • nporchi79@seznam.cz
  • sook2serit@seznam.cz

After encrypting its victim's files, the Motd Ransomware displays a message that appears as the UNIX message of the day (hence the Motd Ransomware's name). The text of this message can vary. Below is an example of one of these messages:

'!WARNING!
YOU ARE INFECTED
WITH THE MOST CRYPTOGRAPHIC ADVANCED RANSOMWARE
All your data of all your users, all your databases and all your Websites are encrypted
Send your UID to e-mail: sook2serit@seznam.cz
YOUR UUID IS: 28e37776-ab3e-12c6-aa5a-1la02ms0w8bp
!WARNING!'
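The write-up describes two signs of this attack that an administrator can check for directly: the ransom note sitting in the message of the day, and files renamed with an appended '.enc' ending. The following Python script is an added example, not code from the threat database entry or from the threat itself. The marker phrases and contact addresses come from this page; the benign message of the day and the file paths are constructed for the example, and the function names are the example's own.

```python
"""Indicator check for the Motd Ransomware infection described above.

Added example (not part of the original write-up). It looks for two
observable signs: a ransom note written to /etc/motd and files that
carry an appended '.enc' extension. Sample data below is constructed.
"""
import os
import re

# Phrases taken from the ransom note quoted in the write-up.
NOTE_MARKERS = ("!WARNING!", "YOU ARE INFECTED", "Send your UID to e-mail")

# Contact addresses listed in the write-up.
KNOWN_CONTACTS = {
    "johnmorcbw@seznam.cz",
    "peyton7zdupont@seznam.cz",
    "nporchi79@seznam.cz",
    "sook2serit@seznam.cz",
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
UUID_LINE_RE = re.compile(r"YOUR UUID IS:\s*(\S+)")


def check_motd(text):
    """Return the ransom-note indicators found in a message-of-the-day text.

    The result lists matched marker phrases, any known contact addresses,
    and the victim ID the note tells the victim to send. 'suspicious' is
    True when at least two markers match or a known contact is present.
    """
    upper = text.upper()
    found = {
        "markers": [m for m in NOTE_MARKERS if m.upper() in upper],
        "contacts": sorted(set(EMAIL_RE.findall(text)) & KNOWN_CONTACTS),
        "victim_id": None,
    }
    match = UUID_LINE_RE.search(text)
    if match:
        found["victim_id"] = match.group(1)
    found["suspicious"] = len(found["markers"]) >= 2 or bool(found["contacts"])
    return found


def read_motd(path="/etc/motd"):
    """Check the live message of the day; returns None if the file is absent."""
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_motd(fh.read())


def encrypted_file_ratio(paths):
    """Return (paths ending in '.enc', fraction of all paths that do).

    A web root where most files suddenly carry '.enc' is the second
    indicator the write-up describes.
    """
    hits = [p for p in paths if p.lower().endswith(".enc")]
    ratio = len(hits) / len(paths) if paths else 0.0
    return hits, ratio


def scan_directory(root):
    """Walk a directory tree and apply encrypted_file_ratio to every file."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return encrypted_file_ratio(paths)


# Constructed sample: the note quoted in the write-up, as it would sit in /etc/motd.
SAMPLE_MOTD = """!WARNING!
YOU ARE INFECTED
WITH THE MOST CRYPTOGRAPHIC ADVANCED RANSOMWARE
All your data of all your users, all your databases and all your Websites are encrypted
Send your UID to e-mail: sook2serit@seznam.cz
YOUR UUID IS: 28e37776-ab3e-12c6-aa5a-1la02ms0w8bp
!WARNING!
"""

# Constructed sample: an ordinary message of the day for comparison.
BENIGN_MOTD = "Welcome to web01.\nPatch window: Sunday 02:00 UTC.\nContact ops@example.com.\n"

# Constructed sample: a web root after three of four files were renamed.
SAMPLE_PATHS = [
    "/var/www/html/index.php.enc",
    "/var/www/html/wp-config.php.enc",
    "/var/www/html/uploads/logo.png.enc",
    "/var/www/html/readme.txt",
]

if __name__ == "__main__":
    print("ransom note:", check_motd(SAMPLE_MOTD))
    print("benign motd:", check_motd(BENIGN_MOTD))
    hits, ratio = encrypted_file_ratio(SAMPLE_PATHS)
    print(f"{len(hits)} '.enc' files, ratio {ratio:.2f}")
```

On a live host, `read_motd()` checks the real /etc/motd and `scan_directory("/var/www")` walks a web root; the threshold in `check_motd` deliberately requires more than a single match, since a legitimate banner may contain the word "WARNING" on its own.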

Dealing with the Motd Ransomware

Most server administrators will have backup images of their data, since the loss of the data can be quite devastating to a business or to the multiple Websites that may be located on the same server. The Motd Ransomware's attack becomes most devastating if it happens to encrypt backup data as well, which may happen if the backups are synchronized or are not located on an external, offline device. The best way to recover from a Motd Ransomware attack is to restore all data from a backup and remove the Motd Ransomware with an anti-malware program or by deleting all data and settings associated with its attack completely. The Motd Ransomware chooses high-profile targets and uses an advanced, sophisticated method but, fortunately, its intended victims (including computer users who use computers with the Linux operating system) tend to be well prepared against these attacks. The main danger may be the complacency of believing that Linux makes a system completely invulnerable to threats, which is clearly not the case.
