Threat Database Ransomware Moisha Ransomware

Moisha Ransomware

The Moisha Ransomware can be used by cybercriminals to prevent victims from accessing their own data and files. The threat carries a strong encryption algorithm and all impacted files will be left in a completely unusable state. Typically, ransomware operations are financially-motivated and the Moisha Ransomware is not different. It should be noted that unlike other threats of this type, Moisha doesn't change the names of the encrypted files and instead leaves them intact. Victims will be left with a ransom note dropped on the desktop of the breached devices, in the form of a text file named '!!!READ TO RECOVER YOUR DATA!!!.txt.'

Reading the note reveals that the operators of the Moisha Ransomware use double-extortion tactics. Apart from locking and encrypting certain file types, the attackers also claim to have collected vast amounts of confidential data. If the affected organizations do not pay the demanded ransom, the threat actors threaten to release the obtained data to the public and media, sell parts of it to competitors of the victims, and contact their clients about the hack. The ransom note mentions two emails ('' and '') and a qTOX ID as potential communication channels.

The full text of the ransom note is:

'Hi ***, this is Moisha!

What happened?

All just our Poles Testers team penetrated your network!
What do we want? We want money for our silence and decrypting your files!

What did we do?, We entered your corporate network, stole your work files among them the source codes
of your projects! Leaving, we encrypted them, more than you are sure of you have their copy!

What do we do? We will contact your every client, and let us inform you that you were hacked and all
your customers are now at risk working with the programs of whose source code we have!

What to do that all this would not be and return all to places?

All we just want money, namely 55.5555 dollars, for our silence and decryption of your network.

What will happen if you do not get in touch? :

We will publish part of the source of your projects (this will cause reputational harm to your company)

We will sell part of the sources to your competitors or anyone who wants to buy them!

We are knitted with everyone who works with you or has any connection with your company, be your
partners or clients of your company.

We will report to regional news that you were hacked!

All this can be avoided, how?

You get in touch with us.

We agree in the first 48 hours it will be fast!

You pay the agreed amount.

We restore everything that we encrypted.

We will return your source codes to you and will not publish them on forums and sell them to second
and third parties.

Make sure that we are not the time you wash, looking at the provider’s report and understand that all
your sources and projects merged from you !!

We have downloaded all your program sources! over 200 gigabytes! Don't delay! we are waiting for you at
the negotiations, we will be able to confirm the availability of your files!

You can contact us:
To quickly communicate, use mail (

- Use the Tox Messenger, You Can download heere hxxps://

to comunicate with the Operator Via Tox Messenger:

Moisha Id Operator in Tox Messenger


Sincerely MOISHA !!'


Most Viewed