Masscan Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 1,616 |
| Threat Level: | 100 % (High) |
| Infected Computers: | 18,964 |
| First Seen: | March 28, 2021 |
| Last Seen: | September 25, 2023 |
| OS(es) Affected: | Windows |
The Masscan Ransomware is a harmful software designed to encrypt and lock files on an infected system, then demand a ransom for the keys needed to unlock them. The ransomware was first discovered in 2018 and has since been linked to several cybercrime campaigns. It has become one of the most common forms of cybercrime due to the easy money it can generate for its handlers. The Masscan Ransomware has three known variants, named "F," "G," and "R."
The Masscan Ransomware typically spreads through phishing emails, corrupted website downloads, and unsecured networks. Once it has been successfully installed on a computer or network, the Masscan Ransomware will apply an extremally powerful encryption method to the data it chooses to encrypt and add the .masscan-F-[victim_ID], .masscan-G-[victim_ID], .masscan-R-[victim_ID] file extensions to them.
The Masscan Ransomware typically presents the ransom note to its victims in a text file named RECOVERY INFORMATION !!!.txt. It includes instructions on how to pay the ransom and various other recommendations. To further prevent victims from attempting to recover their data without paying the ransom, the Masscan Ransomware will delete the Shadow Volume Copies and also will try to encrypt attached flash drives and the system network.
The victims of this ransomware can use various methods to get rid of it.
One of the most efficacious ways to remove ransomware is through the use of anti-malware tools. However, victims of ransomware should remember that they shouldn't pay the demanded ransom because, instead of solving the problem, it may worsen things.
The following ransom note is the one victims of the Masscan Ransomware will see on their desktops:
little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted and now have the “.masscan” extension.
The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.
.3.
Q: What about guarantees?
A: Its just a business.
We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities – nobody will cooperate with us. Its not in our interests.
To check the ability to return files,
you can send us any 2 files with extension .masscan
(jpg, xls, doc, etc…not a database!) and small size (max 1 mb).
We will decrypt them and send them back to you. This is our guarantee.
.4.
Q: How will the decryption process proceed after payment?
A: After payment, we will send you our decoder program and detailed usage instructions.
With this program you will be able to decrypt all your encrypted files.
.5.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service – for us, its does not matter.
But you will lose your time and data, cause only we have the private key.
In practice – time is much more valuable than money.
.6.
Q: What happens if give up on decryption?
A: If you give up decryption,
there is no reward for our work and we will sell all your data on the dark web or in your country for compensation,
including financial data and user data.
.7.
Q: How to contact with you?
A: You can write us to our mailbox: masscan@tutanota.com
If no response is received within 12 hours contact: masscan@onionmail.com(Backup email)
:::BEWARE:::
1.If you will try to use any third party software for restoring your data or antivirus solutions.
please make a backup for all encrypted files!
2.Any changes to encrypted files may result in private key corruption, resulting in the loss of all data!
3.If you delete any encrypted files from the current computer, you may not be able to decrypt them!
4.Your key is only kept for seven days beyond which it will never be decrypted!
In the letter include your personal ID! Send me this ID in your first email to me!'
