
Moresa Ransomware

Posted: April 22, 2019

The Moresa Ransomware is a file-locker Trojan that can stop your media files from opening, including most formats of documents, images, compressed archives, slideshows, music, databases and spreadsheets. Since the Moresa Ransomware is a member of the STOP Ransomware or Djvu Ransomware family, its encryption isn't always reversible with free software. Let your anti-malware products protect your PC by removing the Moresa Ransomware as soon as possible and keep backups for any emergency recoveries.

The STOP Ransomware Steadfastly Refusing to Live Up to Its Name

Peruvian Windows users are reporting attacks in the wild by the Moresa Ransomware, a new version in the STOP Ransomware family. The Ransomware-as-a-Service threat is capable of delivering attacks that hold your documents and other media captive to force victims into paying ransoms. More recently, new versions like the Moresa Ransomware may be capable of causing additional problems by interfering with the browser when you search for help against it.

Although the only evidence of the Moresa Ransomware so far is for installations in South America, it's not likely that its threat actors are attacking that nation solely. Malware researchers do see a cursory correlation between infections and the presence of torrenting software, which may be the result of the Moresa Ransomware's distributing itself as a fake keygen, movie rip, or other illicit download with high demand. Spam e-mails and brute-forcing exploits (specifically for government, business or NGO systems) are also enablers of file-locker Trojans' campaigns.

The Moresa Ransomware blocks non-OS-related files on the infected Windows machine, including text documents and other content, by encrypting them with an AES algorithm and securing that encryption with RSA. The key for the second half of the procedure may differ between two infections if the Trojan can contact a C&C server. However, if it can't, it resorts to a backup key that may be less secure, but still stops any files from opening.

Cutting the Ransom Price Tag from Your Data Recovery

Malware experts can't yet verify whether or not the Moresa Ransomware belongs to the newest branch of the STOP Ransomware that includes browser-redirecting attacks, as per the Rumba Ransomware. It may, however, disable security features like Windows Defender, delete your Windows backups, or reach over local network connections for encrypting more files on other machines. Like all versions of the STOP Ransomware, from the Norvas Ransomware and the Guvara Ransomware to the early Djvu Ransomware, it can block most recreational and work files and append its extension to them ('.moresa').

Any individual updates that the Moresa Ransomware may or may not receive are no justification for neglecting the standard recommendation of protecting your files with secure backups. Never save backups to locations that threats could access for reading, writing or deleting purposes, and always keep your backup on a regular schedule for updating as the files themselves get updates. Nearly all brands of anti-malware products should provide some protection from this threat and have means of uninstalling the Moresa Ransomware from your computer if you need it.
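A triage sketch for the two points above (the '.moresa' extension and the backup advice), added here as an example and not taken from the original article: it inventories files carrying the extension and checks whether each has a copy in a backup. The backup location, its read-only mount and its matching directory layout are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".moresa"  # extension the article says this variant appends

def find_locked(root):
    """Yield the original relative path of each file under root that carries LOCKED_EXT."""
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip a file named exactly ".moresa": there is no original name to recover.
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                rel = (Path(dirpath) / name).relative_to(root)
                yield rel.with_name(name[:-len(LOCKED_EXT)])

def triage(root, backup_root):
    """Count locked files by original type and split them by whether a backup copy exists."""
    backup_root = Path(backup_root)  # assumed: mounted read-only, same layout as root
    report = {"by_type": Counter(), "recoverable": [], "missing": []}
    for original in find_locked(root):
        report["by_type"][original.suffix.lower() or "(none)"] += 1
        bucket = "recoverable" if (backup_root / original).is_file() else "missing"
        report[bucket].append(original.as_posix())
    report["recoverable"].sort()
    report["missing"].sort()
    return report

def demo():
    """Run triage over a constructed sample tree (file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        for rel in ("docs/report.docx.moresa", "docs/budget.xlsx.moresa",
                    "photo.jpg.moresa", "notes.txt"):
            (live / rel).write_bytes(b"constructed sample")
        for rel in ("docs/report.docx", "photo.jpg"):
            (backup / rel).write_bytes(b"constructed backup copy")
        return triage(live, backup)

if __name__ == "__main__":
    result = demo()
    print("locked files by type:", dict(result["by_type"]))
    print("backup copy present:", result["recoverable"])
    print("no backup copy:", result["missing"])
```

The check only confirms that a backup copy exists by name; it does not compare dates or contents, so a stale copy still counts as present.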

There are strong arguments to be made in favor of backing up files for preempting the payloads of file-locker Trojans, wiper Trojans, and other mishaps. Even more pertinently, there are no arguments, whatsoever, for justifying not having a backup at all, which all but asks for the Moresa Ransomware, or another Ransomware-as-a-Service Trojan, to take advantage of your shortsightedness.
