MOOL Ransomware

Cybersecurity researchers have uncovered a new file-locking Trojan and named it the MOOL Ransomware. The MOOL Ransomware belongs to the family of the most active data-encrypting Trojan of 2019, the STOP Ransomware. In 2019 alone, malware experts have spotted over 200 copies of the STOP Ransomware lurking on the Web.

Propagation and Encryption

The creators of ransomware threats use all sorts of tricks to distribute their threatening creations. Malvertising campaigns, bogus software downloads and updates, torrent trackers, fake copies of popular applications or media, and spam emails containing macro-laced attachments are among the most commonly utilized propagation methods for ransomware threats.

The MOOL Ransomware is likely capable of encrypting a large variety of file types, including images, documents, audio files, videos, databases, archives, etc. To lock a targeted file securely, the MOOL Ransomware will apply an encryption algorithm. Users may notice that the names of the locked files are altered. This is because the MOOL Ransomware appends a new extension, ‘.mool’, to the filenames. For example, a file that you had originally named ‘emerald-forrest.gif’ will have its name changed to ‘emerald-forrest.gif.mool’. The locked files can no longer be opened or used.

The Ransom Note

The MOOL Ransomware would then drop a ransom note on the user’s system. The ransom message of the attackers is contained in a file called ‘_readme.txt’. In the ransom note, the authors of the MOOL Ransomware do not mention a specific ransom fee. However, they provide the victims with two email addresses: ‘helpmanger@firemail.cc’ and ‘helpmanager@iran.ir’. It is probable that the attackers will provide users who contact them with more information and further instructions.

It is not recommended to attempt to get in touch with the authors of the MOOL Ransomware. Even the users who pay the ransom fee demanded are not likely to be provided with a decryption tool that would unlock their data. It is better to remove the MOOL Ransomware using a trustworthy, legitimate anti-virus application.
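For scoping an infection, the indicators described above (the appended ‘.mool’ extension, the ‘_readme.txt’ note and the two contact addresses) can be inventoried with a short script. The following is an added example, not part of the original write-up; the function names are hypothetical and the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile

# Indicators taken from the write-up above.
LOCKED_EXT = ".mool"
NOTE_NAME = "_readme.txt"
CONTACTS = ("helpmanger@firemail.cc", "helpmanager@iran.ir")


def triage(root):
    """Return (locked, notes): [(path, original_name)], [(note_path, contacts_found)]."""
    locked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # The extension is appended, so stripping it gives the old name.
                locked.append((path, name[: -len(LOCKED_EXT)]))
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""  # an unreadable note is still reported by name
                notes.append((path, [c for c in CONTACTS if c in text]))
    return locked, notes


def build_sample_tree(root):
    """Constructed sample data: two locked files, one note, one clean file."""
    os.makedirs(os.path.join(root, "pics"))
    for rel in ("pics/emerald-forrest.gif.mool", "report.docx.mool", "notes.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder")
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("Constructed note text. Contact: helpmanger@firemail.cc")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, notes = triage(tmp)
        for path, original in locked:
            print("locked:", path, "->", original)
        for path, contacts in notes:
            print("note:", path, "contacts:", contacts)
```

A ‘_readme.txt’ that matches neither address is still listed with an empty match list, so it can be reviewed by hand rather than silently skipped.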