
Moloch Ransomware

Posted: December 30, 2020

The Moloch Ransomware is a threatening piece of malware that may reach your computer via a fraudulent email attachment, suspicious file download, or a fake installer/update package. Its goal is to gain access to your files and encrypt their contents. As a result of the attack, victims may lose access to their documents, images, media, archives, databases and many other files. The Moloch Ransomware also wipes out the System Restore Points and the Shadow Volume Copies before dropping the ransom message 'readme-warning.txt'.

Victims of the Moloch Ransomware should be able to recognize the damaged files by the unique extension that this file-locker appends to their names: '.[<VICTIM ID>].[moloch_helpdesk@tutanota.com].moloch'. The same file renaming pattern is used by the Makop Ransomware, and there seem to be other similarities between these two file-lockers. The Moloch Ransomware is likely based on the Makop project.

Victims of the Moloch Ransomware will find a ransom message urging them to message the attackers at moloch_helpdesk@tutanota.com or moloch_helpdesk@protonmail.com. The criminals state that they will decrypt up to two files for free so that their victim will have the reassurance that the decryption task can be accomplished. However, they will ask to receive a ransom payment to provide the full decryption service.

Victims of the Moloch Ransomware should ignore this offer because sending money to cybercriminals is an easy way to get tricked. Instead of risking their money, users affected by the ransomware attack should run an anti-virus scanner to eliminate the threat. After the removal of the Moloch Ransomware is complete, they can try to restore access to their files by recovering from a backup or using alternative file recovery methods and software.
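To scope which files need restoring from backup, the rename pattern and ransom note name described above can be matched against a file listing. The script below is an added example, not part of the original article; the function names, the assumption that the ID and contact fields contain no square brackets, and the sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

NOTE_NAME = "readme-warning.txt"  # ransom note name given in the article
# <original name>.[<VICTIM ID>].[<contact email>].moloch
# Assumption: the ID and contact fields contain no square brackets.
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[^\[\]]+)\]"
    r"\.\[(?P<contact>[^\[\]@]+@[^\[\]]+)\]\.moloch$",
    re.IGNORECASE,
)

def parse_locked_name(filename):
    """Split a renamed file into original name, victim ID and contact; None if no match."""
    m = LOCKED_RE.match(filename)
    return m.groupdict() if m else None

def triage(paths):
    """Summarise a listing: locked files per directory, IDs seen, note locations."""
    per_dir, ids, note_dirs, originals = Counter(), set(), [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            note_dirs.append(str(p.parent))
            continue
        info = parse_locked_name(p.name)
        if info:
            per_dir[str(p.parent)] += 1
            ids.add(info["victim_id"])
            originals.append(str(p.parent / info["original"]))  # name to look up in backups
    return {"locked_per_dir": dict(per_dir), "victim_ids": sorted(ids),
            "note_dirs": note_dirs, "restore_from_backup": originals}

# Constructed sample listing (hypothetical paths and victim ID).
EXT = ".[A1B2C3D4].[moloch_helpdesk@tutanota.com].moloch"
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx" + EXT,
    r"C:\Users\alice\Documents\readme-warning.txt",
    r"C:\Users\alice\Pictures\cat.jpg" + EXT,
    r"C:\Users\alice\Pictures\dog.jpg",   # untouched file
    r"C:\Users\alice\notes.moloch",       # lacks the ID/contact fields: not counted
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The `restore_from_backup` list gives the pre-encryption paths to look for in a backup set, and more than one entry in `victim_ids` on a single host is worth a closer look.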
