
MoonCryptor Ransomware

By GoldSparrow in Ransomware

The MoonCryptor Ransomware is an encryption ransomware Trojan that is used to extort computer users. The MoonCryptor Ransomware was first observed in mid-August 2017. It may be confused with the M0on Ransomware Trojan, an encryption ransomware Trojan released in 2016. The MoonCryptor Ransomware does not seem to belong to a larger family of ransomware and seems to be a standalone threat rather than part of a RaaS (Ransomware as a Service) or a variant of an open-source family like HiddenTear or EDA2. However, the MoonCryptor Ransomware attack is nearly identical to that of most encryption ransomware Trojans active today: it makes the victim's files unreachable and then demands the payment of a ransom from the victim. The MoonCryptor Ransomware represents a real threat to computer users' data, so it is paramount that computer users take steps to safeguard their PCs from attacks such as this one.

Even the Moon Isn’t Free of Being Targeted by the Con Artists

The MoonCryptor Ransomware may be installed on a victim's computer after the victim opens a corrupted email attachment, which may be a corrupted Microsoft Word file attached to a spam email message. These files use macro scripts to download and install the MoonCryptor Ransomware on the victim's computer. Once installed, the MoonCryptor Ransomware connects to its Command and Control servers, relays information about the infected computer, and receives configuration information in return. In its attack, the MoonCryptor Ransomware uses AES 256 encryption to encrypt the victim's files, looking for user-generated files such as those associated with software like Microsoft Office, Adobe Photoshop, and WinRAR, as well as photos, videos, audio, databases, spreadsheets, eBooks, and numerous other file types. Once the files have been encrypted by the MoonCryptor Ransomware attack, they will no longer be usable.

How the MoonCryptor Ransomware Demands a Ransom Payment

The files encrypted by the MoonCryptor Ransomware attack are marked with the file extension '.fmoon,' which is added to the end of each compromised file's name. The MoonCryptor Ransomware will present a ransom note in a program window that is named 'MOOD DECRYPTOR.' The full text of the MoonCryptor Ransomware's ransom note reads:

'WHAT HAPPENED ???
Oops all your data are encrypted !!
This is a ransomware AES 256 + RS A 1024!! Look at Wikipedia for morę informations
Please pay before 20 minutes oryour datalll be lost forever. I'll delete a file per minutę after!
Copy and past this link in Internet Explorer or Firefox :
hxxp://10.10.3.1/panel/decipher.php
and enter your informations :
Your UUID : [RANDOM CHARACTERS]
Encrypted key [RANDOM CHARACTERS]
If you obtain your passord, take it here and click on RECOVER
[TEXT BOX] [RECOVER|button]'

Affected computer users should ignore the MoonCryptor Ransomware ransom note and avoid paying any ransom or following the con artists' instructions. Instead, security analysts strongly advise computer users to take preventive measures to ensure that their data is safe from encryption ransomware Trojans like the MoonCryptor Ransomware.

Protecting Your Data from the MoonCryptor Ransomware and Similar Attacks

Paying the MoonCryptor Ransomware ransom is not advised. The people responsible for the MoonCryptor Ransomware attack are unlikely to deliver the decryption key required to recover the affected files, and they are just as likely to ignore you or ask for more money. Instead of paying the ransom amount, it is important to have file backups. If your files are backed up on an external memory device or the cloud, then you can restore your files quickly by deleting the encrypted copies and replacing them with the backups. The MoonCryptor Ransomware infection itself can be removed easily with a reliable security program that is fully up to date, but it will be necessary to have backup copies to recover the files encrypted by the MoonCryptor Ransomware attack. Since the MoonCryptor Ransomware may be distributed using spam email messages, learning to handle these safely is also crucial.
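The restore step described above can be planned before anything is deleted. The following is an added example, not code from the original article: it finds files carrying the '.fmoon' extension and checks whether a backup copy of each original exists. The function names are hypothetical, the sample tree is constructed, and it assumes the backup mirrors the directory layout of the affected folder.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".fmoon"  # extension the article says is appended to each file


def plan_restore(affected_root, backup_root):
    """Pair every *.fmoon file under affected_root with its backup copy.

    Returns (restorable, missing): restorable holds (encrypted, backup)
    path pairs, missing holds encrypted files that have no backup.
    Read-only: nothing is deleted or copied.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Case-insensitive match, since Windows file systems ignore case.
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            # Strip only the appended suffix: report.docx.fmoon -> report.docx
            original_name = name[: -len(ENCRYPTED_SUFFIX)]
            if not original_name:
                continue  # a file named exactly ".fmoon" has no original name
            encrypted = Path(dirpath) / name
            relative = encrypted.relative_to(affected_root).with_name(original_name)
            # Assumption: the backup mirrors the affected tree's layout.
            backup = backup_root / relative
            (restorable if backup.is_file() else missing).append(
                (encrypted, backup) if backup.is_file() else encrypted)
    return sorted(restorable), sorted(missing)


def demo():
    """Run plan_restore on a constructed sample tree; return file names only."""
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = Path(tmp, "affected"), Path(tmp, "backup")
        (affected / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (affected / "docs" / "report.docx.fmoon").write_bytes(b"\x00" * 16)
        (affected / "photo.jpg.FMOON").write_bytes(b"\x00" * 16)
        (affected / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("clean copy")
        restorable, missing = plan_restore(affected, backup)
        return [e.name for e, _ in restorable], [m.name for m in missing]


if __name__ == "__main__":
    print(demo())
```

Files reported as missing have no backup to restore from, so their encrypted copies should be kept rather than deleted.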
