
Mosk Ransomware

Posted: November 7, 2019

The Mosk Ransomware is a file-locking Trojan from the STOP Ransomware family. Its attacks use encryption, which is usually secure, to block the victim's media files and extort money. Users should avoid paying ransoms and have the anti-malware program of their preference remove the Mosk Ransomware before restoring from their last backup.

India Gets More Encryption without Even Asking

Farming out distribution to third parties keeps the Ransomware-as-a-Service sector running at an extremely rapid pace, with numerous campaigns swapping brands and techniques by the day. Despite the fluidity of this underground marketplace, many Trojan families share consistent traits across their members, such as the STOP Ransomware's geographical preferences. The Mosk Ransomware is the latest variant that reaffirms that residents of Asia, in particular, are at high risk from its greedily-wielded encryption.

The Mosk Ransomware can block files with the usual one-two punch of AES and RSA encryption and will target many of the media formats that are most likely to harbor value, such as pictures, audio and documents. Similarly to the Blower Ransomware, the Todar Ransomware, the Toec Ransomware, or the Werd Ransomware (all from the same family), the Mosk Ransomware can also delete some Windows backups by issuing a CMD command in the background. Malware analysts find no notable departures in the Mosk Ransomware's payload, although it does have a new version number of 0180.

In the early stages of its campaign, the Mosk Ransomware's most significant detail is its victims' locations. Ironically, the relative of a cyber-security researcher in India's capital numbers among the Mosk Ransomware's victims. Such a locale is commonplace for the STOP Ransomware, which has an extreme, but not exclusive, preference for areas such as the Philippines, Malaysia, and other parts of Southeast Asia – and the Mosk Ransomware re-confirms the ongoing trend.

Getting the Trojan Meddling Out of Your File Data

The Mosk Ransomware's current distribution could be a fluke; its name translates to Filipino as 'mosque,' which provides both a meaningful theme and another likely playground for the Trojan's attacks. Malware experts do, however, find many versions of the STOP Ransomware crossing borders via general-purpose infection methods such as torrents. In many cases, these installers use themes related to illicit gaming activities, such as a key generator.

Other infection techniques may use e-mail attachments that pretend to be legitimate content for the recipient, or compromise a server directly by cracking login credentials or abusing software vulnerabilities. For the latter, updating software and using strict passwords will provide an ample defense. For the former, users shouldn't enable macros rashly and should scan incoming downloads with suitable security tools.

Deleting the Mosk Ransomware, whether beforehand or after infection, should always involve anti-malware products to streamline the process and disinfect compromised Windows components.

The Mosk Ransomware is a stereotypical case of a STOP Ransomware campaign going after files and, by extension, their owner's money. While it might not be possible for already infected victims, future ones still have time to protect their data before ransoms enter the equation.
