Moss Ransomware
The Moss Ransomware is yet another ransomware threat spawned from the prolific Stop/Djvu Ransomware malware family. The Moss Ransomware displays minimal modification from the base code borrowed from the Stop/Djvu Ransomware , most notably the extension it uses for the encrypted files - '.moss.' The Moss Ransomware will be appended to the original name of every locked file. The ransom note with instructions is generated as a text file named '_readme.txt' that will be placed in all folders that have encrypted files in them.
Like most other STOP/DJVU variants, the Moss Ransomware also demands the sum of $980 from its victims in exchange for the private key and the decryptor tool necessary for the restoration of the user's data. If the victims initiate contact within the first 72 hours of the Moss Ransomware infection, the ransom price will be dropped down to $490. Two email addresses are provided for this purpose - the primary one is 'helpmanager@mail.ch,' while the reserve address is 'restoremanager@airmail.cc.'
Dealing with the consequences of a ransomware attack is never an easy task. The recommended course of action is for the affected users to avoid establishing communication with the criminals and never send any amount of money to them, as this would only serve to further fuel their threatening activities. Instead, victims should look for an appropriate backup from which to restore the encrypted files. However, it is paramount to remove any traces of the Moss Ransomware from the compromised computer properly by using a professional anti-malware program.
What Happens to Files Infected With MOSS?
The MOSS ransomware creators use the virus to become the only people capable of accessing files on a computer. They demand that you pay a ransom fee in order to get the tools needed to decrypt the ransomware encryption and get your files back.
The MOSS ransomware uses an algorithm to scan the target computer and encrypt personal files. Viruses of this kind are capable of finding – and encrypting – a comprehensive list of file formats. It's possible that MOSS could affect every file you have stored on your computer outside of system files needed for the machine to run. It can affect everything from documents and images to executable files and PDFs.
For example, let's say that you had important files related to your master's degree stored on your computer, or you had some vital business files stored locally on your computer. If the virus were to hit your computer now, it would cause a lot of problems for you – and your company. We recommend that users create regular backups of essential data as there is no way to protect yourself against cyberattacks completely.
The virus typically runs an encryption program using RSA 2049-bit cipher encryption to alter files. Unfortunately, this encryption protocol is almost always impossible to break without the key. The method was created to transmit military information without third-parties accessing it. It is so difficult to decrypt because each encryption is done with a unique encryption/decryption key pair. These keys are the only way to undo the encryption, and only the hacker has access to them.
It may seem like the only way to get your data back would be to get your hands on the key. The only other way to decrypt MOSS-affected files is with an unimaginable amount of time and resources. However, you should never pay the ransom to the criminals behind the attack. There is no guarantee they will live up to their end of the deal and provide the promised key.
There are multiple cases where the attackers simply vanish after receiving the payment, never to be heard from again. They steal money as well as data. The people behind the MOSS ransomware are using it for nothing but their financial gain. They will definitely take any opportunity to extort your money.
The MOSS Ransom Note
Much like other ransomware from the DJVU/STOP family, MOSS uses the same method of encrypting data and leaving a ransom note behind. The ransom note contains instructions on how victims can supposedly recover their files. Victims are told that they can test the decryption tool before buying it by sending the hackers a few small files to be decrypted. The attackers say they will decrypt the files and then return them. The only condition is that the file has to be a small and unimportant one.
The message also says that if people pay the ransom within the first 72 hours of infection, the ransom price will be halved to $490. As we said before, you should never pay the ransom demands as you will only lose your money and data. You should know that there may be an alternative method to getting your data back. The ransomware could have bugs in the code, for example, that allows security researchers to create public decryption tools. Don't rely on this happening; however, as it is rare.
The full note dropped by the Moss Ransomware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-7596obcC8h
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your email "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our email:
helpmanager@mail.ch
Reserve email address to contact us:
restoremanager@airmail.cc
Your personal ID:'
More often than not, your best course of action, when affected by MOSS or another similar ransomware, is to remove it from your computer and then restore files using a backup. However, keep in mind that you should thoroughly remove the virus before restoring your files. Failing to do so means there is a risk that your files will become infected again. The virus could also spread to the external device and eliminate your backup.
It would be best to keep your backup files on an external device disconnected from the internet. This helps ensure that you always have a clean copy of your files when you need one. It's good to have as many backups as possible to get extra protection against data loss.
How Does MOSS Ransomware Spread?
There are several ways that a virus such as this can infect a computer. One of the most common distribution methods for ransomware in the STOP/DJVU family is through downloads on peer-to-peer file sharing sites. Websites such as ThePirateBay and ZippyShare are the ideal platform to distribute malware and other computer viruses. Consider the safety implications – as well as the legal implication – of downloading and illegally activating software from torrenting sites. The benefits are hardly worth the potential drawbacks. Please beware of files on third-party freeware platforms as well. Hackers will often disguise a virus as a legitimate freeware tool and make it available to the public. Always download software from official sources when you can and check the reviews of freeware before installing it. There are many great freeware tools out there, but it is worth doing your due diligence to keep your data safe.
The other most common distribution method is through malspam campaigns. A malspam campaign is when hackers exploit social engineering to infect as many people as possible. Hackers send thousands of emails to random people. The emails use fake credentials and information to trick readers into opening a link or attachment. Either way, completing the proposed action will infect the computer. There's a good chance that any link or file you are sent in an unsolicited email will infect your computer. Protect yourself and your data by ignoring and deleting spam emails. Don't give attackers an easy way into your computer.
