Moqs Ransomware
The Moqs Ransomware is a threat spawned from the STOP/Djvu malware family. Despite the countless variants already detected by infosec researchers, more and more appear to be emerging almost daily. They operate in an identical manner with only minor differences such as the specific extension used to mark the encrypted files. In this case, the threat appends '.moqs' as a new extension to the original filenames. Upon completing its encryption algorithm and rendering the files stored on the system both inaccessible and unusable, Moqs Ransomware will deliver a ransom note. The note-bearing file will be named '_readme.txt.'
The instructions found in the ransom note are consistent with the messages of other STOP/Djvu variants. Users are told that they will have to pay the sum of $980 if they want to get the decryption key and software tool controlled by the hackers. If contact is initiated within the first 72 hours following the ransomware infection, however, the hackers promise to slash the demanded price in half to $490. The note provides to email addresses that can be used for this purpose - 'manager@mailtemp.ch' and 'managerhelper@airmail.cc.' A single locked file can be attached to the message to supposedly be unlocked for free.
The full text of the note created by Moqs Ransomware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted
with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-N3p42CffoV
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
manager@mailtemp.chReserve e-mail address to contact us:
managerhelper@airmail.ccYour personal ID:'
