
MaMoCrypt Ransomware

Posted: October 19, 2020

The MaMoCrypt Ransomware is a file-locking Trojan that blocks your PC's digital media files, such as documents, according to their formats and locations. The Trojan also solicits a ransom through a text file, although users can avail themselves of other recovery solutions, including a freeware decryptor. Anti-malware services from most professional PC security companies should eliminate the MaMoCrypt Ransomware promptly, both before the installation and afterward.

The Job that Ducks Under Laws to Get Paychecks

File-locking Trojans operate under an often-proven-correct assumption about those they attack: that backups are thought of, erroneously, as more trouble than they're worth. Even more independently-operating Trojans like the MaMoCrypt Ransomware, a revision of 2019's MZRevenge Ransomware project, don't stray significantly from the attacks and standard guidelines long since hashed out by the Ransomware-as-a-Service industry and many Hidden Tear remixes. Ultimately, while users know what to expect of the MaMoCrypt Ransomware, this knowledge only matters if they use it.

The MaMoCrypt Ransomware targets Windows environments and blocks the victim's work and recreational files by picking both particular directories related to media content (Windows documents, pictures, etc.) and associated formats (MP3, AVI, DOC, and so on). It also tags them with an extension, although the string uses 'MZ' and a series of letters instead of the Trojan's name. Malware experts point out an interesting detail in this year-old Trojan: its encryption routine, which uses AES and TWOFISH keys, relies on a bytes-in-memory mask that updates itself after each file it locks. In practical terms, this method means that files can't be decrypted in an arbitrary order; the unlocking has to follow the same order the Trojan used when locking them.

The MaMoCrypt Ransomware's campaign also offers a typical assortment of supporting attacks to render the user's PC vulnerable and collect ransoms (through a text note, left in every afflicted folder, that claims it's 'just a job'). The Trojan may disable the Windows Firewall, bypass UAC restrictions, and, of course, delete the Restore Point or the Shadow Volume Copy data. All of these functions are ones that malware analysts see, time and again, within many Trojan families, but they are notable for their negative security impact and the damage they do to recovery options on infected Windows systems.
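The firewall and shadow-copy behaviours described above leave traces in process-creation logs. The following is an added example, not code from this article or from any vendor: a small detector run over constructed log records. Its command-line patterns are widely documented Windows commands assumed for illustration (the article does not name the commands this Trojan runs), and UAC bypass is left out because no technique is named.

```python
import re
from collections import defaultdict

# Patterns for two behaviours the article lists. The commands are well-known
# Windows utilities, assumed here; they are not confirmed as MaMoCrypt's own.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "firewall_disable": re.compile(
        r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\bstate\s+off\b"
        r"|\bnetsh(\.exe)?\b.*\bfirewall\b.*\bopmode\b.*\bdisable\b", re.I),
}

# Constructed records: (epoch seconds, host, parent image, command line).
SAMPLE_EVENTS = [
    (1000, "WS-01", r"C:\Users\a\Downloads\setup.exe", "vssadmin.exe Delete Shadows /All /Quiet"),
    (1004, "WS-01", r"C:\Users\a\Downloads\setup.exe", "netsh advfirewall set allprofiles state off"),
    (1010, "WS-02", r"C:\Windows\System32\mmc.exe", "vssadmin list shadows"),
    (5000, "WS-03", r"C:\Tools\backup.exe", "vssadmin delete shadows /for=C: /oldest"),
]

def classify(command_line):
    """Return the sorted names of every rule the command line matches."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def detect(events, window=60):
    """Group hits by (host, parent process) and grade each group.

    'high' when one parent triggers more than one rule and its first and
    last hits are at most `window` seconds apart; otherwise 'medium',
    because a single hit can come from legitimate administration.
    """
    hits = defaultdict(list)
    for ts, host, parent, cmd in events:
        for rule in classify(cmd):
            hits[(host, parent.lower())].append((ts, rule))
    alerts = []
    for (host, parent), matched in sorted(hits.items()):
        matched.sort()
        rules = sorted({rule for _, rule in matched})
        span = matched[-1][0] - matched[0][0]
        severity = "high" if len(rules) > 1 and span <= window else "medium"
        alerts.append({"host": host, "parent": parent,
                       "rules": rules, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Feeding it real data means mapping process-creation events (for example, Windows Security event 4688 with command-line auditing enabled) into the same four-field tuples.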

More than Just a Gleam of Hope in the Gloom of the MaMoCrypt Ransomware Campaign

Having unique encryption standards, thankfully, isn't the same as having secure ones. While even a minimally-trained programmer could create a file-blocking solution that's unbreakable by any practical means, the MaMoCrypt Ransomware's threat actor is either overconfident or sloppy. Courtesy of a Romanian AV vendor, Windows users may download a free decryption tool to recover any files that the MaMoCrypt Ransomware locks. There is, unfortunately, one exception: files over four gigabytes, which the MaMoCrypt Ransomware encrypts partially and corrupts, leaving them permanently unrecoverable.

Still, users should remember that most file-locking Trojans' captive media files are not retrievable without risking the ransom, whose worth depends on criminals' honor and programming competence. Backups to other devices are a universally-applicable solution to all threats of this category. Malware experts further recommend securing them through account privileges and password protocols, as is appropriate. The infection methods for Trojans of the MaMoCrypt Ransomware's stripe vary wildly, from Coronavirus-tracking application bundles to game crack-themed torrents to e-mail spam or a browser-attacking Exploit Kit.

Conventional anti-malware products can protect home users and workplace PCs from attacks by file-locker Trojans through multiple vectors. Updated security software should catch and delete the MaMoCrypt Ransomware without giving it time to start locking files or disabling essential safety features.

The MaMoCrypt Ransomware is a creative twist on attacking files, with a year of collecting ransoms unhindered behind it. Hopefully, the attackers have made little off of its campaign and will give up the Black Hat lifestyle after seeing the Trojan's prime feature kneecapped.
