Maoloa Ransomware

By GoldSparrow in Ransomware

The Maoloa Ransomware is an encryption ransomware Trojan that was first observed on February 5, 2019. The Maoloa Ransomware is mainly delivered to victims via corrupted spam email attachments. Once installed, the Maoloa Ransomware carries out a typical encryption ransomware attack, making the victim's files inaccessible and then demanding that the victim pay a ransom to restore access to the compromised data. The Maoloa Ransomware seems to be related to the Scarab family of ransomware Trojans, a large family of threats that has been active for some time.

How the Maoloa Ransomware Attack Works

The Maoloa Ransomware will mark the files targeted by its attack by adding the extension '.maoloa' to each affected file's name. The Maoloa Ransomware uses a strong encryption algorithm to make the user-generated files inaccessible, targeting files with file extensions such as the following:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Maoloa Ransomware delivers a ransom note in the form of a text file named 'HOW BACK YOUR FILES.txt,' which contains the following text:

'** All your files have been encrypted **
*** PLEASE READ THIS ***
**** IF YOU WANT TO GET ALL YOUR FILES BACK ****
_______________________________________________________
| ATTENTION |
| * Do not rename encrypted files. |
| * Do not try to decrypt your data using third party software, this can |
| result in complete data loss. |
|_______________________________________________________|
Send us email with your personal id.
This email will be as confirmation you are ready to pay for decryption key.
After payment, we send you the decryption tool, that decrypt all your files.
Before paying you can send 2 file for free decryption. The total size of file
must be less than 1Mb (non archived), and files should not contain valuable
information (backups, databases, large excel-word sheets, etc.)

CONTACT US: ormazd_ahura@aol.com, maoloa@india.com, maoloa@yahoo.com

------------------------------------- KEY -------------------------------------
[random characters]
-------------------------------------------------------------------------------'
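
For incident triage, the two indicators described above (the '.maoloa' extension and the 'HOW BACK YOUR FILES.txt' note) can be checked across a directory tree. The Python script below is an added example, not part of the original article or any vendor tool; its function names and sample tree are constructed for illustration, and it assumes the extension is appended to the end of each file name.

```python
import os
import tempfile

# Indicators taken from the article: appended extension, note name, contact addresses.
ENCRYPTED_EXT = ".maoloa"
NOTE_NAME = "HOW BACK YOUR FILES.txt"
NOTE_CONTACTS = ("ormazd_ahura@aol.com", "maoloa@india.com", "maoloa@yahoo.com")


def note_matches(path):
    """True if the file is named like the note and mentions a listed contact address."""
    if os.path.basename(path).lower() != NOTE_NAME.lower():
        return False
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read(64 * 1024).lower()  # notes are small; cap the read
    except OSError:
        return False  # unreadable file: cannot confirm it is the note
    return any(addr in text for addr in NOTE_CONTACTS)


def triage(root):
    """Walk root; return {directory: {"encrypted": [...], "note": bool}} for hits only."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(note_matches(os.path.join(dirpath, f)) for f in files)
        if encrypted or note:
            report[dirpath] = {"encrypted": encrypted, "note": note}
    return report


def build_sample_tree(base):
    """Constructed sample data (empty placeholder files) so the example runs offline."""
    hit, clean = os.path.join(base, "docs"), os.path.join(base, "photos")
    for directory in (hit, clean):
        os.makedirs(directory)
    for name in ("report.docx.maoloa", "budget.xlsx.maoloa", "untouched.pdf"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w") as fh:
        fh.write("Send us email with your personal id.\nCONTACT US: maoloa@india.com\n")
    open(os.path.join(clean, "holiday.jpg"), "wb").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, hit in triage(tmp).items():
            print(directory, len(hit["encrypted"]), "encrypted, note:", hit["note"])
```

The per-directory report shows which folders were reached, which helps scope what has to be restored from backup.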

Protecting Your Data from Threats Like the Maoloa Ransomware

PC security researchers strongly advise computer users to refrain from paying the Maoloa Ransomware ransom amount or contacting the criminals responsible for the Maoloa Ransomware attack. Instead, preemptive steps should be taken to secure all data. These steps may include using an updated security program to protect your computer and having file backups stored on external memory devices. Having file backups ensures that computer users can restore any data compromised by the Maoloa Ransomware attack without having to consider contacting the criminals or negotiating with them to retrieve the lost data.
