
Mora Project Ransomware

Posted: June 16, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 16
First Seen: June 16, 2017
Last Seen: September 1, 2022
OS(es) Affected: Windows

The Mora Project Ransomware is a new version of Hidden Tear: a Trojan made to demonstrate the efficacy of file-encrypting attacks for extortion. While it damages your digital content, the Mora Project Ransomware will show few or no symptoms, although, afterward, a victim may identify the files by their new extensions. Ignore the ransom demands, if possible, and use backups to recover while deleting the Mora Project Ransomware with your preferred anti-malware solution.

The Importance of Proper Punctuation in Felony

Unsurprisingly, malware experts have yet to see slowdowns in the breakneck pace of new variants of Hidden Tear attacking arbitrary victims. Because they use code that's already developed and bug-tested, mid-development Hidden Tear threats like the Mora Project Ransomware are fully capable of being hazardous, even if their authors don't finish them. However, the Mora Project Ransomware might benefit from additional work, even from the con artist's point of view, due to the formatting errors in its ransom note.

Through an AES-based encryption routine, the Mora Project Ransomware can lock content of formats including DOC, XLS, JPG and other media. The Trojan appends the '.encrypted' extension to the name of every file it locks, which is a symptom that it shares with other Trojans (for example, the HAHAHA Ransomware). Once it blocks that content, the Mora Project Ransomware creates a text message on the desktop, which is a standardized feature of Hidden Tear clones.
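As an added triage example (not code from this page or from any vendor), the following Python sketch lists files carrying the '.encrypted' suffix described above and checks whether the original DOC, XLS or JPG signature is still present, which separates files that were only renamed from files whose content was actually locked. The signature table, function names and sample files are assumptions of this example, and because other Trojans use the same extension, a hit is not proof of this particular threat.

```python
from pathlib import Path
import tempfile

# Leading signature bytes for DOC, XLS and JPG; legacy DOC/XLS share OLE2.
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")
MAGIC = {".doc": OLE2, ".xls": OLE2, ".jpg": b"\xff\xd8\xff"}
MARKER = ".encrypted"  # extension the page says is appended to locked files

def classify(path):
    """Return 'locked', 'renamed-only', 'unverified', or None for one file."""
    name = path.name.lower()
    if not name.endswith(MARKER):
        return None
    expected = MAGIC.get(Path(name[: -len(MARKER)]).suffix)
    if expected is None:
        return "unverified"  # original type has no signature in MAGIC
    with path.open("rb") as fh:
        head = fh.read(len(expected))
    # An intact signature means the file was renamed but is still readable.
    return "renamed-only" if head == expected else "locked"

def scan(root):
    """Walk root and map each flagged relative path to its classification."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            verdict = classify(path) if path.is_file() else None
        except OSError:
            continue  # unreadable entry: skip rather than abort the triage
        if verdict:
            findings[path.relative_to(root).as_posix()] = verdict
    return findings

def demo():
    samples = {  # constructed sample contents, not real victim data
        "report.doc.encrypted": b"\x8f\x13\x77\xa0" * 4,  # no OLE2 signature
        "pics/photo.jpg.encrypted": b"\xff\xd8\xff\xe0JFIF",  # header intact
        "budget.xls": OLE2 + b"\x00" * 8,  # untouched file, not flagged
        "notes.txt.encrypted": b"hello",  # type not in MAGIC
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan()` at a mounted copy of the affected volume rather than the live system, so the triage does not alter timestamps on evidence.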

While malware experts haven't seen the same message in other file-encrypting campaigns, the contents of the Mora Project Ransomware's note include poor formatting implying that it's a product of an automatic translation service. Although the Mora Project Ransomware's author offers to sell the key to the unlocking decryptor component, issues with his choice of punctuation leave his ransom fee ambiguous. Victims may be expected to pay either forty or forty thousand USD in a cryptocurrency that protects the con artists from traditional refund policies.

Stopping a Pet Project in Extortion from Getting Off the Ground

Extortionists working in languages that aren't their native tongue aren't necessarily reduced hazards to those they attack; the Mora Project Ransomware's using English could give it compatibility with a diverse range of target PCs throughout the world. However, because of its insistence on using Bitcoin for its ransom, the threat actor could accept the money from a Mora Project Ransomware infection and refuse to give the victim any help, all the while suffering no drawbacks. For PC users who do need to protect their media from similar attacks, malware experts advise that they use backups on other devices or Web storage services.

Threat actors frequently install Trojans with file-locking payloads by using malicious e-mail attachments that they design to look like safe messages or documents. Less professionally run or specifically targeted Trojan campaigns also can use indiscriminate methods like exploit kits or bundling the installer with freeware. Regardless of its means of entry, most anti-malware scanners should alert you about this threat and remove the Mora Project Ransomware without letting it damage your files.

Those suffering from the Mora Project Ransomware's attacks could try to restore anything they lose with a free decryption application. However, malware experts recommend not putting all your eggs in one basket, particularly if the basket in question is an easily-compromised hard drive.
