MUST Ransomware

The MUST Ransomware aims to sneak itself onto the targeted computer and then stealthily encrypt nearly all of the files stored there. The affected users will then be extorted for money in exchange for a decryption tool or key and the potential restoration of the locked data. The MUST Ransomware is a malware threat that is part of the Dharma Ransomware family.

Dealing with ransomware threats is never easy, and the MUST Ransomware is no exception. It uses powerful cryptographic algorithms that make the locked files virtually uncrackable through brute force. The threat significantly modifies the original names of the files it encrypts by appending a unique ID, followed by an email address under the control of the hackers, and finally '.MUST' as an extension. The email address used to change the enciphered files is ''. The hackers provide instructions for their victims in two separate forms. First, text files named 'FILES ENCRYPTED.txt' will be dropped in every single folder containing locked files. Users will also be presented with a pop-up window containing the proper ransom note.
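A defender's triage sketch for the indicators described above, added here as an example and not taken from the original page: it walks a directory tree and reports every folder that holds '.MUST' files or a 'FILES ENCRYPTED.txt' note. The `.id-<ID>.[<email>].MUST` layout in the regex is an assumption based on the usual Dharma naming (the page gives only the order of the parts), and the sample file names and address are constructed.

```python
import os
import re
import tempfile

NOTE_NAME = "FILES ENCRYPTED.txt"   # note file name given in the text
EXT = ".MUST"                       # extension given in the text
# Assumed layout (typical Dharma naming): <original>.id-<ID>.[<email>].MUST
DHARMA_RE = re.compile(
    r"^(?P<orig>.+)\.id-(?P<id>[^.]+)\.\[(?P<contact>[^\]]+)\]\.MUST$", re.I)

def parse_name(name):
    """Return (original_name, victim_id, contact), or None if not a .MUST file."""
    if not name.upper().endswith(EXT):
        return None
    m = DHARMA_RE.match(name)
    if m:
        return m["orig"], m["id"], m["contact"]
    return name[:-len(EXT)], None, None   # extension matches, layout unknown

def triage(root):
    """Map each affected folder (relative path) to its locked files and note flag."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if parse_name(f))
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if locked or has_note:
            report[os.path.relpath(folder, root)] = {"locked": locked, "note": has_note}
    return report

def demo():
    """Run the triage over a constructed directory tree (all names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        sample = {
            "docs": ["report.docx.id-1A2B3C4D.[contact@example.invalid].MUST", NOTE_NAME],
            "pics": ["cat.jpg.MUST"],
            "clean": ["notes.txt"],
        }
        for folder, names in sample.items():
            os.makedirs(os.path.join(root, folder))
            for n in names:
                open(os.path.join(root, folder, n), "w").close()
        return triage(root)

if __name__ == "__main__":
    for folder, info in demo().items():
        print(folder, info)
```

A folder that has a note but no locked files, or locked files but no note, is still reported, which helps scope how far the encryption got before it was interrupted.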

Opening the MUST Ransomware's text files will not bring much clarity to its victims, as the message inside is extremely brief and simply tells them to write an email either to '' or ''. The pop-up window offers a lengthier set of instructions. It mentions that the second email address should be used if the affected users do not receive an answer within 12 hours after messaging the main email. The ransom note ends with various warnings, such as not to rename the encrypted files, as that could render them impossible to restore.

The ransom note displayed in the MUST Ransomware's pop-up window is:


Don't worry,you can return all your files!

If you want to restore them, follow this link: email YOUR ID -

If you have not been answered via the link within 12 hours, write to us by


Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The text files contain the following text:

all your data has been locked us

You want to return?

write email or'

