M0on Ransomware

Posted: November 23, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 91
First Seen: November 23, 2016
OS(es) Affected: Windows


The M0on Ransomware is a Trojan built from the My Little Ransomware modular kit that blocks your local content by encrypting it and then demands payment to retrieve it. Past versions of this family primarily target Chinese-based PC users, with file damage that can be irreversible. Remove the M0on Ransomware with proper anti-malware tools as soon as possible to prevent any additional damage, and recover any lost data from your latest backup.

A New Moon Rises for One Trojan's Family

America and Europe are far from the only areas at risk of being victimized by file-encrypting Trojans that damage your data in return for undeserved revenue. One Chinese family, the My Little Ransomware, has recently shown renewed activity in the form of the M0on Ransomware. The Trojan also includes a handful of features meant to help its installation and launch so that it can harm your local data before you recognize that your PC is under attack.

Initially, the M0on Ransomware generates a Mutex (to prevent itself from installing multiple times on the same system) and creates Registry entries so that it loads automatically. Most of its other components conceal themselves in a sub-directory of the Windows Documents folder, although it also compromises the Windows folder. It chooses which files to encrypt by their format, selecting targets including ZIP archives, MP4 music, and DOC documents, among dozens of others.
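As an added illustration (not part of the original article), the following Python sketch checks for the combination described above: an autostart Registry value whose program lives under the user's Documents folder. It assumes the autostart entries are Run-key values read from `reg query` output, which the article does not specify; the function names and the sample output are constructed for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query` output for a Run key (sample data, not from a real infection).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\Documents\cache\svc.exe
    Sync Helper    REG_EXPAND_SZ    "%USERPROFILE%\Documents\My Files\sync helper.exe" -q
    Notes    REG_SZ    C:\Program Files\Notes\notes.exe --open C:\Users\alice\Documents\todo.txt
"""

VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_(?:EXPAND_)?SZ) {4}(?P<data>.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", re.I)

def executable_of(data, profile):
    """Return the program path from an autorun command line, without its arguments."""
    # Lambda replacement so backslashes in the profile path are not read as escapes.
    data = re.sub(r"%USERPROFILE%", lambda _: profile, data, flags=re.I)
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = EXE_RE.match(data)  # unquoted paths may contain spaces
    return m.group(1) if m else data

def under_documents(exe, profile):
    """True when exe sits anywhere below <profile>\\Documents (case-insensitive)."""
    docs = [p.lower() for p in PureWindowsPath(profile, "Documents").parts]
    parts = [p.lower() for p in PureWindowsPath(exe).parts]
    return len(parts) > len(docs) and parts[:len(docs)] == docs

def suspicious_autoruns(reg_output, profile):
    """List (key, value name, executable) for autoruns launched from Documents."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m:
            exe = executable_of(m["data"].strip(), profile)
            if under_documents(exe, profile):
                hits.append((key, m["name"], exe))
    return hits

if __name__ == "__main__":
    for key, name, exe in suspicious_autoruns(SAMPLE, r"C:\Users\alice"):
        print(f"{key}: {name} -> {exe}")
```

The "Notes" entry is not flagged because only its argument, not its executable, points into Documents.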

Malware experts find that the M0on Ransomware renames that content more heavily than most file-encrypting Trojans do, adding a new extension and also overwriting the original names with additional characters. However, this change is cosmetic and less threatening than the accompanying encryption cipher, which blocks your files from opening even if you rename them.

A Hopeful Lights out for the M0on Ransomware's Funding

Free program code is an unsafe gift to offer any con artist and has been responsible for families other than the M0on Ransomware's own, such as countless rehashes of Hidden Tear and EDA2. No free decryption tools are in circulation yet for the M0on Ransomware or other members of the family. A victim's best hope for undoing the M0on Ransomware's file damage remains keeping an updated backup, ideally one on a drive or server that you isolate from the infected PC.

The M0on Ransomware is a niche threat, like most file-encryption Trojans, but does cause a range of modifications to essential Windows components. Use your anti-malware programs for removing the M0on Ransomware automatically, if possible, and recover your data after the fact. Malware experts can find evidence of the M0on Ransomware in circulation since October, which indicates that any security programs with old threat databases may be less able to detect the Trojan.

Unhappily, since this industry continues to be a profitable one and code resources are amply available, threats like the M0on Ransomware can be expected to remain a routine part of the PC security landscape.