
Msop Ransomware

The Msop Ransomware is a newly uncovered data-locking Trojan. After studying this threat, malware researchers found that it is yet another variant of the notorious STOP Ransomware. In 2019, the STOP Ransomware family was undoubtedly the most active ransomware family. It has been estimated that ransomware authors released approximately 200 variants of the STOP Ransomware in 2019 alone.

Propagation Methods

It is not clear which propagation method the authors of the Msop Ransomware use to spread this Trojan. Spam emails are the most commonly used method for propagating ransomware threats. Usually, these emails contain a message built on social engineering tricks whose sole purpose is to deceive the user into believing that the file attached to the email is safe. If the targets fall for this and launch the attachment, their systems will be infiltrated by the ransomware threat. However, there are other techniques that cybercriminals tend to use: torrent trackers, fraudulent application updates, bogus pirated variants of popular software tools, etc.

Once the Msop Ransomware manages to sneak into the target's system, it scans all the data that is present on the compromised host. The Msop Ransomware is capable of encrypting not only the files stored on the SSD and hard drive of the system but also files on any removable storage devices that are plugged into the compromised machine. To lock the targeted data, the Msop Ransomware applies an encryption algorithm that renders the data unusable.

All the compromised files have their names altered because the Msop Ransomware appends a new extension, '.msop', to the locked files. For example, an audio file that you had named 'white-chalk.mp3' will be renamed to 'white-chalk.mp3.msop' after the encryption process has been completed.

The Ransom Note

Most of the STOP Ransomware copies have almost identical ransom notes, and the Msop Ransomware is no exception. The ransom message is in a file named '_readme.txt'. In the note, the creators of this file-encrypting Trojan inform the user that their data has been locked and ask for a ransom fee of $490. However, the user is given a deadline: unless the ransom is paid within three days of the attack taking place, they will have to pay double the price, $980. The attackers offer to decrypt one or two files free of charge. This trick serves to prove to the user that the authors of the threat are capable of reversing the damage they have done to the victim's data. The attackers demand to be contacted via email at 'datarestorehelp@airmail.cc' and 'datahelp@iran.ir'.
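The file-name indicators described above (the '.msop' extension, the '_readme.txt' note and the two contact addresses) are enough to triage which folders on a host or a backup were touched. The following is an added example, not code from this article or from any vendor tool; the function names and the sample tree are constructed for illustration, and matching the note by its contact addresses is an assumption, since the note's full text is not reproduced here.

```python
import os
import tempfile
from collections import defaultdict

# Indicators quoted in the article; nothing else about the malware is assumed.
LOCKED_EXT = ".msop"
NOTE_NAME = "_readme.txt"
CONTACTS = ("datarestorehelp@airmail.cc", "datahelp@iran.ir")


def note_matches(path, max_bytes=65536):
    """True if the file mentions one of the contact addresses from the note."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable file: treat as no match instead of aborting
    return any(addr in text for addr in CONTACTS)


def scan(root):
    """Return {directory: {"locked": [names], "note": bool}} for affected dirs."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                hits[dirpath]["locked"].append(name)
            elif lower == NOTE_NAME and note_matches(os.path.join(dirpath, name)):
                hits[dirpath]["note"] = True
    return dict(hits)


def build_sample(root):
    """Constructed test tree: one affected folder and one clean folder."""
    files = {
        "music/white-chalk.mp3.msop": b"\x00constructed placeholder bytes",
        "music/_readme.txt": b"constructed note text: write to datahelp@iran.ir",
        "docs/_readme.txt": b"Harmless project readme, no contact address.",
        "docs/report.txt": b"plain file",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in sorted(scan(tmp).items()):
            print(folder, info)
```

A '_readme.txt' that does not contain either contact address is ignored, so ordinary project readme files do not raise false alarms.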

Unfortunately, the STOP Ransomware variants that have been released so far are not decryptable for free. However, the ransom fee demanded should not be paid. Even users who decide to pay up are often left empty-handed because, more often than not, cyber crooks lose interest in cooperating as soon as they receive the ransom sum. You should consider investing in a legitimate anti-spyware tool that will help you remove the Msop Ransomware from your computer safely and permanently. Furthermore, you can look into retrieving some of the lost data via a third-party data-recovery application, but the outcome is likely to be disappointing.
