
M0on Ransomware

By CagedTech in Ransomware

The M0on Ransomware is a ransomware Trojan that is used to extort money from its victims. Like other ransomware Trojans that were released in November of 2016, the M0on Ransomware encrypts its victim's files and demands the payment of a ransom. PC security analysts strongly advise against paying the M0on Ransomware's ransom, even though it may not currently be possible to decrypt the files affected by the M0on Ransomware.

The Moon that Brings Only Darkness

The M0on Ransomware is a variant of a ransomware family that has been around for a while, commonly known as MyLittleRansomware or the Cute Ransomware. The M0on Ransomware is one of the many variants produced from this particular ransomware Trojan to evade detection and stay ahead of security software updates. The M0on Ransomware is virtually identical to the majority of new ransomware Trojans released in the fall of 2016. It is also distributed in a similar way: it is contained in text documents that use corrupted macros to load the M0on Ransomware onto the victim's computer. The M0on Ransomware uses the encryption engine 'm00n.exe,' from which it draws its name.

How the M0on Ransomware Carries out Its Attack on the Victim’s Computer

As soon as the M0on Ransomware is installed on the victim's computer, it begins encrypting the victim's files. The M0on Ransomware searches for more than 180 different file types during its attack, encrypting them by using an AES-256 encryption algorithm. The M0on Ransomware changes the affected files' names to random characters and adds the extension '.M0on' to the end of the file, making it obvious which files have been encrypted during the attack. The M0on Ransomware searches for files with the following file extensions during its attack:

.png .3dm .3g2 .3gp .aaf .accdb .aep .aepx .aet .ai .aif .arw .txt .php .bat .as .as3 .asf .asp .asx .aui .bay .bmp .cdr .cer .class .cpp .asp .aspx .exe .cr2 .crt .crw .cs .csu .db .dbf .dcr .der .dng .doc .docb .docm .d11 .cc .docx .dot -cloth .dotx .dwg .dxf .dxg .efx .eps .erf .fla .flu .qq .mdb .idml .iff .indb .indd .indl .indt .inx .jar .jaua .jpeg .jpg .nes .lnk .kdc .m3u .m3u8 .m4u .max .mdb .mdf .mef .mid .mou .mp3 .mp4 .rcb .jsp .mpa .mpeg .mpg .mrw .msg .nef .nrw .odb .odc .odm .odp .ods .odt .jaua .orf .p12 .p7b .p7c .pdb .pdf .pef .pem .pfx .php .plb .pmd .pot .jar .potm .potx .ppam .ppj .pps .ppsm .ppsx .ppt .pptm .pptx .prel .pdb .prproj .ps .psd .pst .ptx .r3d .ra .raf .rar .raw .rb .rtf .htm .rw2 .rwl .sdf .sldm .sldx .sql .sr2 .srf .srw .sug .swf .tif .class .ucf .uob .wau .wb2 .wma .wmu .wpd .wps .x3f .xla .xlam .xlk .dat .x11 .xlm .xls .xlsb .xlsm .xlsx .xlt .xltm .xltx .xlw .xml .xqx .zip.

Once a file has been encrypted by the M0on Ransomware it will, unfortunately, not be recoverable without access to the decryption key (which the people responsible for the M0on Ransomware hold until the ransom is paid).

Malware Analysts Advise Against Paying the M0on Ransomware’s Ransom

PC security analysts do not recommend that computer users pay the M0on Ransomware ransom. The M0on Ransomware displays its ransom note in the form of an HTML file that is dropped on the victim's computer. This ransom note demands the payment of 1 Bitcoin (about $750 USD) in exchange for the decryption key. In some cases, computer users may be able to negotiate with the con artists after contacting them via email. However, PC security analysts strongly advise that computer users avoid paying this ransom or contacting these people. Apart from financing further attacks, the people responsible for the M0on Ransomware are just as likely to ignore your request or may even ask for more money. Instead, backups should be in place to allow computer users to recover their files after the attack. Backups are the best measure against the M0on Ransomware and most other ransomware Trojans currently active.
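The two indicators named above, the '.M0on' extension and the 'm00n.exe' engine, can be used to scope the damage before restoring from backup. The following read-only triage script is an added example, not part of the original article; the function names are hypothetical, and it assumes that matching is case-insensitive and that a file's modification time reflects when it was encrypted.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".m0on"   # extension the article says is appended (lower-cased)
ENGINE_NAME = "m00n.exe"  # encryption engine named in the article


def triage(root):
    """Walk root and summarise M0on indicators without modifying anything."""
    per_dir = Counter()
    engines = []
    first_hit = None  # earliest mtime among encrypted files (epoch seconds)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == ENGINE_NAME:
                engines.append(path)
            if not lowered.endswith(ENCRYPTED_EXT):
                continue
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            per_dir[dirpath] += 1
            if first_hit is None or mtime < first_hit:
                first_hit = mtime
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_directory": dict(per_dir),
        "engine_paths": sorted(engines),
        "earliest_encrypted_mtime": first_hit,
    }


def restore_point_hint(report):
    """UTC time of the first encrypted file; pick a backup older than this."""
    ts = report["earliest_encrypted_mtime"]
    if ts is None:
        return None
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report["encrypted_total"], "encrypted files;",
          "restore from a backup older than", restore_point_hint(report))
    for path in report["engine_paths"]:
        print("possible engine binary:", path)
```

Run it against a mounted copy or image of the affected disk rather than the live system, so the scan itself does not alter timestamps of interest.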
