
Maas Ransomware

Posted: July 7, 2020

The Maas Ransomware is a file-locking Trojan from the STOP Ransomware, or Djvu Ransomware, family. The Maas Ransomware retains the traditional features of that group, such as locking files with encryption, creating extortionist messages and deleting backups. A reliable anti-malware service can block infections or uninstall the Maas Ransomware, but secured backups are likely mandatory for recovering encrypted media.

Catching More Children of Djvu Ransomware's Heritage

The legacy of the STOP Ransomware, or Djvu Ransomware, Ransomware-as-a-Service gets a refresher with each new variant that attackers, old or new, hire and distribute. Most campaigns bring few payload changes, since the Trojan's code remains predominantly under the control of the RaaS family's threat actor. The few tweaks that differentiate the Maas Ransomware from its cousins are mostly ones of timing and naming conventions.

Although the Maas Ransomware's name might hail from Dutch or other languages, current releases of its family tend to use completely random names of four characters per campaign. With samples dating to July, the Maas Ransomware is primarily a threat to Windows users, with its family showing limited to no interest in other OSes like Linux. For those who are vulnerable, it offers a payload rich in encryption-based file-locking attacks.

The Maas Ransomware may generate a Windows update UI as a distraction for the user while it's busy encrypting content, which it narrows down according to formats and locations. Besides locking documents, pictures, archives, and other media, the Maas Ransomware also adds its 'maas' extension and ransoming details into filenames and wipes out the Restore Points via a hidden command-line action. Since only a small minority of victims can recover with free decryption tools or other alternatives, most users may find the Maas Ransomware's ransom notes tempting: a pair of TXT and HTA files that sell the family's data unlocker at a price in Bitcoins.
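For defenders, the two behaviors described above (a burst of files gaining the 'maas' extension and a command-line wipe of Restore Points) can be correlated per host. The following is an added example, not code from the original article: the event format, thresholds and sample data are constructed, and the `vssadmin`/`wmic` patterns are an assumption, since the article does not name the command used.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".maas"                   # extension named in the article
BURST = 3                       # assumed threshold; tune per environment
WINDOW = timedelta(minutes=5)   # assumed window for the rename burst

# Assumed patterns: the article only says "hidden command-line action".
BACKUP_WIPE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)

# Constructed sample events (not real telemetry): (time, host, kind, detail)
SAMPLE = [
    ("2020-07-07T10:00:01", "pc-01", "file", r"C:\Users\a\Docs\report.docx.maas"),
    ("2020-07-07T10:00:02", "pc-01", "file", r"C:\Users\a\Docs\budget.xlsx.maas"),
    ("2020-07-07T10:00:04", "pc-01", "file", r"C:\Users\a\Pics\trip.jpg.MAAS"),
    ("2020-07-07T10:00:09", "pc-01", "proc", "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"),
    ("2020-07-07T11:15:00", "pc-02", "file", r"D:\share\notes.txt.maas"),
    ("2020-07-07T11:16:00", "pc-02", "proc", "vssadmin list shadows"),
    ("2020-07-07T12:30:00", "pc-03", "proc", "wmic shadowcopy delete"),
]

def triage(events, ext=EXT, burst=BURST, window=WINDOW):
    """Return {host: 'high' | 'review'} for hosts showing either signal."""
    renames, wipes = defaultdict(list), defaultdict(list)
    for ts, host, kind, detail in events:
        when = datetime.fromisoformat(ts)
        if kind == "file" and detail.lower().endswith(ext):
            renames[host].append(when)
        elif kind == "proc" and BACKUP_WIPE.search(detail):
            wipes[host].append(when)
    verdicts = {}
    for host in set(renames) | set(wipes):
        times = sorted(renames[host])
        # Burst: any `burst` consecutive matching files inside `window`.
        is_burst = any(times[i + burst - 1] - times[i] <= window
                       for i in range(len(times) - burst + 1))
        wiped = bool(wipes[host])
        if is_burst and wiped:
            verdicts[host] = "high"     # both signals on one host
        elif is_burst or wiped:
            verdicts[host] = "review"   # one signal; may be admin activity
    return verdicts

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A single signal is only marked for review because administrators also delete shadow copies legitimately; the combination with a rename burst is what raises the verdict.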

Taking the Costly Risk Out of Data Locks

With hundreds of dollars being the standard ransom for the Maas Ransomware's family, users are out significant money, even in the best of situations, just for the hope of unlocking their work. Malware researchers strongly urge all users to establish well-regulated and often-updated backups on devices that aren't immediately accessible, whether the protection is through a password or physical detachment. The Maas Ransomware is no less secure, encryption-wise, than most relatives of the same overall build, such as the Nppp Ransomware, the Pezi Ransomware, the Remk Ransomware, the Tabe Ransomware, or the Zida Ransomware, all from 2020.

The STOP Ransomware family is as diverse in distribution models as its hiring threat actors, who favor a RaaS over building a 'solely theirs' Trojan. Some patterns that malware researchers connect to these attacks include the abuse of fake downloads like torrents, e-mail attachments with themed tactics like delivery notices, and the exploitation of macro vulnerabilities. Users should also remain alert to potential password loss to the AZORult spyware.

Anti-malware programs from most professional companies should not experience problems with identifying a file-locking Trojan from a well-known family. Removing the Maas Ransomware through such tools should be straightforward for all users, even if disinfection doesn't unlock the media.

The Maas Ransomware's name might be part of the ongoing randomization and eschewing of themes in its family or a hint of European distribution plans. In any case, it's a Trojan whose payload is only as potent and expensive as its victims' corresponding frailties.
