
Mogera Ransomware

By GoldSparrow in Ransomware

The Mogera Ransomware is a recently detected data-encrypting Trojan that has been circulating on the Web. When it was dissected, it became evident that the Mogera Ransomware belongs to none other than the infamous STOP Ransomware family. This family, alongside the Dharma Ransomware family and the Globe Imposter Ransomware family, has been very popular in the world of cybercrime recently, with new variants popping up almost daily.

Malware experts have not confirmed how the Mogera Ransomware is being spread, but it seems likely that the authors of this file-locking Trojan are using pirated software, faux updates, and spam emails to propagate their creation.

When the Mogera Ransomware gains access to a system, the first thing it does is scan for the files it was programmed to lock. When the scan is complete, the Mogera Ransomware proceeds to the next step of the attack: the encryption process. Encrypted files have the extension '.mogera' appended to their names and are no longer usable. For example, a file that was called 'cake.png' before the attack will be renamed to 'cake.png.mogera' once the attack is completed.

Then, the Mogera Ransomware drops its ransom note, named '_readme.txt'. In the note, the attackers address the victim as 'my friend' and go on to say that all the files are retrievable if the victim pays up. The ransom fee is set at $980, but the attackers promise that victims who get in touch within 72 hours of the attack will receive the decryption key at half the price, $490. The note provides two email addresses, 'bufalo@firemail.cc' and 'gorentos@bitmessage.ch', as well as the Telegram account '@datarestore'.
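The '.mogera' extension and the '_readme.txt' note described above are enough for a first-pass triage of an affected volume. The following Python script is an added example, not part of the original write-up: it lists affected directories, recovers the pre-attack file names, and treats a '_readme.txt' as a ransom note only if it contains one of the contact details quoted above. The function names and the sample tree are constructed for illustration, and the script assumes the note is readable as plain text.

```python
import os
import tempfile

# Indicators taken from the write-up above.
LOCKED_EXT = ".mogera"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("bufalo@firemail.cc", "gorentos@bitmessage.ch", "@datarestore")


def note_matches(path):
    """True if a _readme.txt contains a contact indicator from the write-up."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536).lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def triage(root):
    """Map each affected directory to its locked files and ransom-note status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_EXT))
        has_note = NOTE_NAME in files and note_matches(os.path.join(dirpath, NOTE_NAME))
        if locked or has_note:
            report[dirpath] = {
                # Strip the appended extension to recover the pre-attack name.
                "original_names": [f[: -len(LOCKED_EXT)] for f in locked],
                "ransom_note": has_note,
            }
    return report


def demo():
    """Build a constructed sample tree and triage it."""
    root = tempfile.mkdtemp()
    hit, clean = os.path.join(root, "hit"), os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    open(os.path.join(hit, "cake.png.mogera"), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w") as fh:
        fh.write("my friend ... contact bufalo@firemail.cc")  # constructed note text
    with open(os.path.join(clean, NOTE_NAME), "w") as fh:
        fh.write("Install instructions for a harmless tool.")  # benign look-alike
    return root, triage(root)


if __name__ == "__main__":
    print(demo()[1])
```

Run `triage()` against a mounted copy or forensic image of the volume rather than the live system, so the scan does not alter file timestamps.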

It is never recommended to give in to the demands of cybercriminals like the individuals responsible for the Mogera Ransomware. Such people lack scruples and will likely trick you into paying them without holding up their end of the bargain and providing you with a decryption tool. A much safer approach is to make sure you download and install a legitimate anti-malware suite and have it rid you of this nasty Trojan.
