Mosn Ransomware

Mosn Ransomware Description

Users are under threat from new ransomware named Mosn. Those who have fallen victim to Mosn will notice that all of their documents, PDFs, pictures, photos, databases and archives can no longer be accessed. The affected files also will be marked by having '.MOSN' added to their names as a new extension. The locked data will then be used as a hostage to extort money from the users.

The ransom note of the threat is delivered as a text file named 'INFORMATION_READ_ME.txt' and as a desktop image that will be set as the new desktop background on the system. According to the desktop message, the threat actor demands to receive $300 paid using the Bitcoin cryptocurrency. As for the affected users, they are instructed to establish contact by sending an email to the 'walter1964@mail2tor.com' address. The message delivered inside the text file contains some additional details. It shows the total number of encrypted files on the system. Victims also will find a hardware ID that was assigned to their compromised device. That number must be included in the email to the hackers.

Generally, victims should avoid starting negotiations with cybercriminals, as doing so could expose them to even more security risks. Furthermore, there is no guarantee that the hackers will send the decryption key necessary to restore the data.

The desktop message is:

'MOSN
RANSOMEWARE
300$ in Bitcoins
DECRYPTION-KEY
CONTACT FOR DECRYPTION
walter1964@mail2tor.com
.'

The instructions in the text file are:

'FILES-ENCRYPTED: -
HARDWARE-ID_INCLUDE_IN_MAIL:
CONTACT: walter1964@mail2tor.com
'