Muslat Ransomware

Recently, malware researchers have spotted a new ransomware threat emerging, which has already claimed one victim in Morocco. This new data-locking Trojan was dubbed Muslat Ransomware, and when further examined, this ransomware threat revealed to be a part of the infamous STOP Ransomware family.

It is not known with full certainty what propagation method have the cyber crooks responsible for the Muslat Ransomware applied in spreading their creation, but experts speculate that the infection vectors may include mass spam email campaigns, alongside pirated software and faux app updates. When the Muslat Ransomware infiltrates the targeted host, it begins scanning the system. The purpose of the scan performed by the Muslat Ransomware is to determine the locations of the files, which will be targeted for encryption. When the scan is through,the Muslat Ransomware starts encrypting the data targeted. When the Muslat Ransomware locks a file, it applies an additional extension at the end of the file name – ‘.muslat.’

For example, a file named ‘plastic-cup.png’ before the attack occurred, after the Muslat Ransomware encrypts the file its name will be altered to ‘plastic-cup.png.muslat’ and will be unusable. Then, the Muslat Ransomware drops a ransom note called ‘_readme.txt,’ which is the name used by most variants of the STOP Ransomware. The attackers do not specify the sum required for them to provide you with a decryption key allegedly. However, they do provide an email address where you are meant to contact them and receive further instructions. The email provided is ‘gorentos@bitmessage.ch.’

It is never recommended to get in touch with shady individuals like the ones behind the Muslat Ransomware. A safer choice is to download and install a reputable anti-malware tool, which would rid you of the Muslat Ransomware easily.