
MoonCryptor Ransomware

Posted: August 17, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 64
First Seen: August 17, 2017
OS(es) Affected: Windows


The MoonCryptor Ransomware is a file-locking Trojan that uses encryption to block documents and similar media until you pay a fee. This threat also may make additional changes to the names of any encrypted content and delete files on a timer, similarly to the Jigsaw Ransomware. Disable the Trojan by any means necessary before using anti-malware products for removing the MoonCryptor Ransomware, and otherwise disinfecting your PC. You should restore any damaged files with freeware solutions or backups.

The Race to Beat a Ransom Crisis to Your Recycle Bin

Even though secure encryption is enough of a threat to intimidate most PC users, particularly those without any recent backups, some threat actors prefer to stress further penalties for not obeying their demands. One variation of the archetypal file-ransoming strategy is to delete files periodically, guaranteeing their complete loss to the owner. The newest campaign to use such a style of attack, the MoonCryptor Ransomware, implements it in a fashion highly similar to the well-known Jigsaw Ransomware.

Although malware experts haven't confirmed any relationship between the two Trojans, the MoonCryptor Ransomware's payload operates very similarly to the old campaign. The MoonCryptor Ransomware scans the PC for general media formats, such as DOC or PNG, and encrypts them using a secure combination of AES and RSA.

The MoonCryptor Ransomware loads a pop-up automatically after finishing its data-locking, which also appends '.fmoon' extensions to the files' names. This window provides a supposedly embedded decryptor feature that the victim can buy through the threat actor's ransom-processing website. Like the Jigsaw Ransomware, the Crypren Ransomware, and similar threats, allowing the timer to expire triggers the automatic deletion of one or more of the locked files. Malware experts have not been able to confirm whether the data is erased securely or could be retrieved afterward, such as by using the Windows Shadow Copies.

Eclipsing a Lunar File-Ransoming Campaign

Timing conditions are commonplace among Trojans that try to damage digital media to force their owners into paying quickly. Since threats like the MoonCryptor Ransomware often are compatible with free decryption software developed by various security organizations, allowing the victims to transfer their money at a time of their choosing often causes a dearth of ransom payments. Since the MoonCryptor Ransomware and similar Trojans require being active to delete your files, malware experts recommend acting to disable them immediately before taking any other actions, including rebooting the computer.

Both the Safe Mode feature included in most operating systems and booting from a peripheral device can be viable strategies for disabling threats that auto-launch with the OS. Users should prioritize having the danger to their PC's security removed or quarantined before recovering any files that the MoonCryptor Ransomware damages. Most anti-malware products have positive success rates for deleting the MoonCryptor Ransomware. Afterward, malware experts recommend using backups for recovering the last secure copies of your media or using free decryption software, such as the Hidden Tear BruteForcer.
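As an added triage example (not code from this page or from the Trojan's authors): a Python script that inventories files carrying the '.fmoon' extension the MoonCryptor Ransomware appends, infers their original names and types, and flags any originals that still exist beside an encrypted copy, so a responder can scope the damage before choosing between backups and a decryptor. The directory layout and file names are constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the page reports the MoonCryptor Ransomware appending to encrypted files.
RANSOM_EXT = ".fmoon"

def triage_encrypted_files(root):
    """Inventory files under `root` that carry the ransom extension.

    Returns a dict with the encrypted paths paired with their inferred original
    names, a count of the original file types, and any inferred originals that
    still exist beside their encrypted copy (those need no decryption at all).
    """
    encrypted, by_type, originals_present = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(RANSOM_EXT):
                continue
            enc_path = Path(dirpath) / name
            # Strip only the trailing '.fmoon'; 'report.doc.fmoon' -> 'report.doc'.
            original = enc_path.with_name(name[: -len(RANSOM_EXT)] or "_unnamed")
            encrypted.append((str(enc_path), str(original)))
            by_type[original.suffix.lower() or "(none)"] += 1
            if original.exists():
                originals_present.append(str(original))
    return {"encrypted": encrypted, "by_original_type": by_type,
            "originals_present": originals_present}

def build_sample_tree():
    """Constructed sample tree standing in for an affected user profile (not real data)."""
    root = Path(tempfile.mkdtemp(prefix="mooncryptor_triage_"))
    for sub in ("Documents", "Pictures"):
        (root / sub).mkdir()
    (root / "Documents" / "report.doc.fmoon").write_bytes(b"\x00" * 16)
    (root / "Documents" / "notes.txt.fmoon").write_bytes(b"\x00" * 16)
    (root / "Pictures" / "holiday.png.fmoon").write_bytes(b"\x00" * 16)
    (root / "Pictures" / "holiday.png").write_bytes(b"\x89PNG")  # original survived
    (root / "Pictures" / "untouched.jpg").write_bytes(b"\xff\xd8")  # never encrypted
    return root

if __name__ == "__main__":
    result = triage_encrypted_files(build_sample_tree())
    print(f"{len(result['encrypted'])} encrypted files; by type: {dict(result['by_original_type'])}")
    print("originals still present:", result["originals_present"])
```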

File-blocking Trojans aren't always a one-time security problem. Leaving Trojans like the MoonCryptor Ransomware alone to continue attacking your PC is a broad invitation to escalate the damage, which is why victims should respond to an infection with matching aggression.
