
Mockba Ransomware

Posted: October 24, 2019

The Mockba Ransomware is a file-locking Trojan that uses Russian-themed encryption attacks for blocking your PC's media. Such attacks are rarely reversible by freeware tools, and users should prioritize the possession of updated backups for a better recovery option. Robust anti-malware solutions may also present an adequate defense by removing the Mockba Ransomware upon detecting it.

The Trojan that's Almost Russian

In a case of 'almost, but not quite' imitation, a new file-locking Trojan with pretensions towards a Russian theme is showing up in the wild. The Mockba Ransomware bears the closest resemblance to the Scarab Ransomware, a well-known and Russia-leaning Ransomware-as-a-Service, but isn't an apparent member of the family. For now, malware analysts are confirming the presence of ransom attempts, aesthetic changes to names, and, unfortunately, harmfully-leveraged encryption in its payload.

The Mockba Ransomware converts targeted media (such as Word documents, JPG pictures, or MP4 audio) into encrypted copies without requiring any consent from the user. It also tags each file's name with the 'mockba' string, which is significant for being an Anglicization of 'Москва.' Москва is the Russian word for Moscow.

However, the Mockba Ransomware isn't targeting native Russian speakers. Malware researchers can only find samples that drop English-based text messages, which give the victims an e-mail address (which is, once again, themed after Russia) for negotiating. Also included is an ID, which is very typical of a Ransomware-as-a-Service or RaaS business, such as the Scarab Ransomware, the Dharma Ransomware or the STOP Ransomware.

Keeping Software from Mocking Your Security

Whether or not it's targeting particular regions of the world, the Mockba Ransomware is a potential danger to any user without appropriate backups. Saving one's backups to another device, including portable drives or cloud services, is frequently the sole recovery option for any encrypted data. Implementing secure encryption is an undemanding task, even for threat actors with little programming experience, and the free availability of associated code and utilities makes it easier still.

Stopping infections before they happen also relies on a standard range of practices that are preferable for most Web surfers in recreational or business environments. Disabling browser scripts, scanning attachments before opening them, and eschewing torrent-based downloads are some of the recommended guidelines. Malware researchers also explicitly warn against carelessly enabling macros inside of documents, which are routinely stepping stones for threat actors using phishing or spam-based campaigns.

Users can also update their anti-malware programs' threat databases to improve their rates of identifying and deleting the Mockba Ransomware appropriately.

The Mockba Ransomware may favor Russian victims out of personal preference, or its theme could be just a tongue-in-cheek mockery of the United States' current political atmosphere. In either instance, it's nothing but trouble for your documents, pictures, archives, and all other formats of media.
