Moonshadow Ransomware

The Moonshadow Ransomware is another variant from the notorious VoidCrypt family. Being a variant does not make Moonshadow any less threatening. If deployed on a breached device, the threat can lock a significant portion of the data stored there. Victims will be left unable to access their valuable documents, PDFs, databases, archives and more.

The Moonshadow Ransomware assigns a unique ID to each of its victims. This ID string is appended to the original names of the encrypted files, followed by an email address under the control of the cybercriminals; in this case, the email is 'developer.110@tutanota.com'. Finally, the threat adds '.moonshadow' as a new file extension. Victims are then presented with a ransom note containing instructions from the threat actors. The message is displayed in a new window generated from an HTA file named 'Decryption-Guide.HTA'. In addition, Moonshadow creates a text file named 'Decryption-Guide.txt' containing an identical message.

Ransom Note's Details

The instructions in the pop-up window and the text file are the same. They state that the locked files can be restored, but victims must pay a ransom to receive the decryption tool and the necessary RSA key. Affected users must also find a specific file that has been created on the infected system. The name of the file should be similar to 'KEY-SE-24r6t523' or 'RSAKEY.KEY'. Without the information contained in it, even the cybercriminals will be unable to unlock the encrypted files. The ransom note states that communication can be carried out only through the 'developer.110@tutanota.com' email.

The full text of the ransom notes dropped by the Moonshadow Ransomware is:

'Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : KEY-SE-24r6t523 or RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process

Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened

Your Case ID : -
Our Email:developer.110@tutanota.com
'
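
The indicators described above (the '.moonshadow' extension, the two 'Decryption-Guide' notes, and the key file the note places in C:/ProgramData) can be checked against a file listing during triage. The following Python sketch is an added example, not part of the original report; the prefix match on 'KEY-SE-', the restriction to ProgramData, the function names and the sample paths are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

EXTENSION = ".moonshadow"                       # from the report
CONTACT = "developer.110@tutanota.com"          # from the report
NOTE_NAMES = {"decryption-guide.hta", "decryption-guide.txt"}  # from the report
# The report only says the key file name is "similar to" two examples;
# matching on the KEY-SE- prefix is an assumption of this sketch.
KEY_EXACT, KEY_PREFIX = "rsakey.key", "key-se-"

def classify(path):
    """Return 'encrypted', 'ransom_note', 'key_file' or None for one Windows path."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name.endswith(EXTENSION):
        return "encrypted"
    if name in NOTE_NAMES:
        return "ransom_note"
    # The ransom note places the key file in C:/ProgramData; requiring that
    # directory (an assumption) keeps unrelated *.key files out of the result.
    in_programdata = any(part.lower() == "programdata" for part in p.parts)
    if in_programdata and (name == KEY_EXACT or name.startswith(KEY_PREFIX)):
        return "key_file"
    return None

def triage(paths):
    """Group a file listing by artifact type and summarise it for responders."""
    found = defaultdict(list)
    for path in paths:
        kind = classify(path)
        if kind:
            found[kind].append(path)
    return {
        "encrypted": found["encrypted"],
        "ransom_notes": found["ransom_note"],
        # Preserve these before any reinstall: the note ties recovery to them.
        "key_files": found["key_file"],
        "contact_in_names": sum(CONTACT in p.lower() for p in found["encrypted"]),
        "likely_moonshadow": bool(
            found["encrypted"] and (found["ransom_note"] or found["key_file"])),
    }

# Constructed listing; the ID value and separators in the renamed file are made up.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.ID-CONSTRUCTED.developer.110@tutanota.com.moonshadow",
    r"C:\Users\alice\Documents\Decryption-Guide.HTA",
    r"C:\Users\alice\Documents\Decryption-Guide.txt",
    r"C:\ProgramData\KEY-SE-24r6t523",
    r"C:\Users\alice\Downloads\rsakey.key",
]
```

Calling `triage(SAMPLE)` returns the grouped paths; the listing can come from any source, such as an EDR file inventory or a forensic image, since the paths are only parsed and never opened.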
