Mogranos Ransomware
Malware researchers have uncovered a brand-new data-encrypting Trojan recently. This ransomware threat was given the name Mogranos Ransomware, and when dissected it revealed to be a variant of the very popular STOP Ransomware.
Propagation and Encryption
Cybersecurity experts have not been able to reach a consensus on how the Mogranos Ransomware is being propagated. Some speculate that the creators of the Mogranos Ransomware may have employed some of the most popular infection vectors used in the spreading of ransomware threats – fraudulent software updates, spam emails containing corrupted attachments, and pirated copies of popular applications. When the Mogranos Ransomware infects your PC, it will first perform a scan. The scan is meant to locate the files that will be encrypted. Then, the Mogranos Ransomware will trigger its encryption process. When this ransomware threat locks a file, it changes its name by adding a '.mogranos' extension at the end of the filename. For example, an audio file called 'Ten-Timezones-Away.mp3', the Mogranos Ransomware will rename it to 'Ten-Timezones-Away.mp3.mogranos.'
The Ransom Note
In the next step of the attack, the Mogranos Ransomware drops a ransom note named '_readme.txt,' which is the name used in most variants of the STOP Ransomware. The note states:
’ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-o7ClqIH7RS
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gorentos2@firemail.cc
Our Telegram account:
@datarestore
Mark Data Restore
Your personal ID:’
The authors of the Mogranos Ransomware demand $980 as a ransom fee. However, they claim that if you contact them within 72 hours of the attack, you will receive a 50% discount and would 'only' have to pay $490. The user also is urged to send the attackers one encrypted file, which they will unlock for free. The authors of the Mogranos Ransomware provide the victim with two email addresses where the attackers can be contacted – 'gorentos@bitmessage.ch' and 'gorentos2@firemail.cc.' In case the user prefers Telegram as a means of communication, the attackers can be reached @datarestore on Telegram.
It is not recommended to contact cybercriminals or pay them. A safer option is to obtain a reputable anti-spyware tool that will remove the Mogranos Ransomware from your computer. Then, you can try to get some of the lost files back using a third-party data-recovery application.
