
MOOL Ransomware

Posted: February 19, 2020

The MOOL Ransomware is a file-locking Trojan from the STOP Ransomware Ransomware-as-a-Service (or RaaS). The MOOL Ransomware blocks files by encrypting them, media formats such as documents in particular, and sells its unlocker through a ransom note. Users should take all suitable, backup-based precautions and let their anti-malware solutions remove the MOOL Ransomware whenever they detect it.

The STOP Ransomware's Latest Progeny at Work

An unknown build iteration of the STOP Ransomware's family is in the wild, with victims in indeterminate regions of the world. The MOOL Ransomware might be, like its ancestors, targeting Southeast Asian nations like Indonesia, although the STOP Ransomware campaigns can occur on any continent. For now, malware analysts aren't finding many details that differentiate the MOOL Ransomware from other family members like the BBOO Ransomware, the Nakw Ransomware, the Reha Ransomware or the Redl Ransomware. However, it poses just as much danger to any files it attacks.

The MOOL Ransomware compromises Windows PCs with the intent of blocking users from opening their work and media files, and extorting ransom money afterward. Symptoms typical of infections include:

  • Files not opening due to being encrypted with a generally secure, AES and RSA algorithmic combination. Encrypted files are also identifiable by filename changes that append an extension ('mool,' in the MOOL Ransomware's case).
  • The Restore Points being unavailable; the MOOL Ransomware, and most Ransomware-as-a-Service families, can use CMD commands for deleting the Shadow Volume Copies that these backups require.
  • Websites that aren't loading in your browser due to Hosts settings changes. Users can, however, restore a 'clean' version of the Hosts file quickly.
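Two of the symptoms listed above, Shadow Volume Copy deletion through command-line tools and Hosts file tampering, leave traces a defender can check for. The following Python helpers are an added example written for this page, not code from the article or from any analysis of the MOOL Ransomware itself: they scan a list of process command lines for the built-in Windows utilities that remove shadow copies (vssadmin, wmic and wbadmin, assumed here as the usual tools, since the article names no specific command) and flag Hosts file lines that point a hostname other than the default local names at a loopback or null address. All sample command lines and the sample Hosts file are constructed.

```python
"""Detection helpers for two ransomware symptoms: shadow-copy deletion via
built-in command-line tools, and Hosts file entries that sinkhole websites.
Sample data below is constructed for illustration, not from a real incident."""
import re
from typing import Dict, List

# Command-line patterns for the Windows tools that remove Volume Shadow
# Copies (the backups that Restore Points depend on). Assumption: these
# are the commonly abused tools; the article only says "CMD commands".
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I),
]


def find_shadow_copy_deletions(command_lines: List[str]) -> List[str]:
    """Return the command lines that match a shadow-copy deletion pattern."""
    return [
        cmd for cmd in command_lines
        if any(pattern.search(cmd) for pattern in SHADOW_DELETE_PATTERNS)
    ]


# Hostnames that may legitimately resolve to the local machine in a Hosts file.
DEFAULT_LOCAL_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}
# Addresses used to sinkhole a hostname so the site never loads.
LOOPBACK_OR_NULL = {"127.0.0.1", "0.0.0.0", "::1"}


def find_suspicious_hosts_entries(hosts_text: str) -> List[Dict[str, object]]:
    """Return Hosts lines that map a non-local hostname to loopback or the null address.

    A clean Windows Hosts file contains only comments (or a localhost line),
    so any other hostname pointed at 127.0.0.1 / 0.0.0.0 / ::1 is worth review.
    """
    findings: List[Dict[str, object]] = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        if addr not in LOOPBACK_OR_NULL:
            continue
        for name in names:
            if name.lower() not in DEFAULT_LOCAL_NAMES:
                findings.append({"line": lineno, "address": addr, "hostname": name})
    return findings


# Constructed sample data (not from a real infection).
SAMPLE_COMMAND_LINES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"vssadmin.exe Delete Shadows /All /Quiet",
    r"cmd.exe /c wmic shadowcopy delete",
    r"notepad.exe C:\Users\user\Desktop\notes.txt",
]

SAMPLE_HOSTS = """# Constructed sample Hosts file
#\t127.0.0.1       localhost
127.0.0.1   localhost
0.0.0.0     www.example-security-vendor.invalid   # constructed sinkhole entry
127.0.0.1   update.example.invalid
"""

if __name__ == "__main__":
    for cmd in find_shadow_copy_deletions(SAMPLE_COMMAND_LINES):
        print("shadow-copy deletion:", cmd)
    for entry in find_suspicious_hosts_entries(SAMPLE_HOSTS):
        print("suspicious hosts entry:", entry)
```

In practice the command lines would come from process-creation logging (Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1) and the Hosts text from C:\Windows\System32\drivers\etc\hosts; both functions are pure so they can be dropped into whatever log pipeline is already in place.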

The MOOL Ransomware monetizes its attacks by creating TXT ransom notes that give instructions on buying an unlocker for the victims' files. Ransoms tend to be both unreliable and expensive means of acquiring a decryptor. However, malware experts consider it unlikely that a free decryptor will ever become compatible with the MOOL Ransomware, or with any other 2020-era release of the STOP Ransomware.

Putting a Stop in the STOP Ransomware with a Little Planning

The pre-established presence of a secure backup is integral to recovering files from file-locker Trojan infections with any consistency. Malware experts note that most file-locker Trojan families, even Ransomware-as-a-Service ones, don't target NAS devices explicitly, and many of them will exclude unmapped network shares. For total protection, users can always move their files to detached devices, such as USBs, or locations with additional password protection.

The MOOL Ransomware's samples show limited information on any distribution models or exploits at play. However, it is an apparently-recent addition to its family as of mid-February 2020. Users should avoid enabling macros in corrupted e-mail attachments, decline poorly-rated or illicit torrents, and turn off features like JavaScript, Flash and RDP where possible. Using strong passwords also will prevent attackers from compromising a network and locking its files arbitrarily.

Cyber-security products have overall-positive rates for detecting most versions of the STOP Ransomware, although the actual threat entries may use generic names. Anti-malware scans from any trustworthy anti-malware suites should delete the MOOL Ransomware on sight without much trouble.

A RaaS business will not dry up until the profit does, and that's up to the victims. The MOOL Ransomware is only a symptom of a landscape that's wide open for pilfering – one in which users aren't saving their files as carefully as is warranted.
