The M.0.A.B. Ransomware is a threat that can block users from accessing their own files. The malware initiates an encryption routine on the devices it manages to infect. As a result, most of the files stored on the breached system will be rendered unusable. Unlike the majority of ransomware threats who mark the files they lock with a unique file extension, the M.0.A.B. Ransomware leaves the original file names intact.
The ransom note of the threat will be presented to the user in a new window. According to the instructions, affected users will have to pay the sum of $200 to the hackers to receive a decryption password. The password will then have to be entered into the specified field in the ransom window. The money must be transferred using the Bitcoin cryptocurrency. The exact crypto wallet address will be provided to the M.0.A.B. Ransomware's victims after they initiate contact through the 'firstname.lastname@example.org.' email. In addition to the text message, the M.0.A.B. Ransomware also displays a list of all the files it has encrypted.
It should be noted that infosec researchers who analyzed the M.0.A.B. Ransomware came to the conclusion that the threat is based on another ransomware called Povlsomware.
The full text of the ransom note is:
REJECTED PORT: 8081
Your files can only be retrieved by entering the
correct password. Dont Worry This Isnt
Permanent. Well Maybe. Its Up To You. If your
files are important ti you we can Unlock Your
Files For $200.00 In order to get the password
please send a mail And Ask for The Bitcoin
Addres to email@example.com