Motd Ransomware
Posted: March 21, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 34 |
| First Seen: | March 21, 2017 |
| Last Seen: | February 18, 2022 |
| OS(es) Affected: | Windows |
The Motd Ransomware is a Trojan that threat actors may install after exploiting network-related security vulnerabilities to gain system access. It encrypts local files to stop you from being able to open or read them and creates messages for ransoming the matching decryptor. Your standard anti-malware solutions may identify and delete the Motd Ransomware, but without preventing the infection, having non-encoded backups may be your only option for restoring any data.
Your Message of the Day is: 'Pay for What's Already Yours'
As consumer interest in operating systems other than Windows grows, threat actors are also including details pertinent to those other OSes in their attacks. For the Motd Ransomware, a new file-encrypting threat, its authors are using Unix references as part of the Trojan's brand and identity. Malware analysts estimate that threat actors are introducing the Motd Ransomware to Windows or Unix servers through targeted attacks against individual corporations or businesses, most likely smaller ones that exercise poor standards for RDP and password security.
The Motd Ransomware can encrypt files of any format the threat actor specifies in its internal configuration, including, for example, ZIP archives, DOC documents, spreadsheets, video, audio, 3D models or slideshows. Although the Motd Ransomware adds the same '.enc' extension to its encoded content as the ones in use in other campaigns, such as the EncryptoJJS Ransomware attacks, malware experts can't confirm any connections between these threats. The Trojan also stores the original size of each file in the first eight bytes of the new file.
The Motd Ransomware's attacks include generating a key for you that provides a customized ID number for the infection. Victims can deliver the number to the Trojan's e-mail address, which it promotes with a dropped text file, and may receive help for unlocking their content after paying a ransom. Because threat actors use non-refundable methods for extorting money, paying for a decryptor is a solution prone to backfiring on the victim.
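The '.enc' extension is shared with other campaigns, so the eight-byte original-size field described above is the more useful triage signal. The following is an added example, not code from the original article or from any vendor tool: it walks a directory, reads that field from each '.enc' file and checks it against the on-disk length. The little-endian byte order, the `MAX_PADDING` tolerance and all sample file names are assumptions; the page states neither the byte order nor the cipher.

```python
import os
import struct
import tempfile

HEADER_LEN = 8     # page: original size is stored in the first eight bytes
MAX_PADDING = 32   # assumption: ciphertext is at most this much longer than the plaintext

def read_claimed_size(path, byteorder="<"):
    """Read the 8-byte size field (little-endian is an assumption; the page does not say)."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER_LEN)
    return struct.unpack(byteorder + "Q", head)[0] if len(head) == HEADER_LEN else None

def classify(path):
    """Label one .enc file: does its header look like a plausible original-size field?"""
    claimed = read_claimed_size(path)
    if claimed is None:
        return "too-short"
    body = os.path.getsize(path) - HEADER_LEN
    if claimed <= body <= claimed + MAX_PADDING:
        return "size-header-match"
    return "other-enc"

def triage(root):
    """Walk root and return {path: label} for every file ending in .enc."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".enc"):
                full = os.path.join(dirpath, name)
                results[full] = classify(full)
    return results

def build_constructed_samples(root):
    """Write constructed sample files (not real ransomware output) for a dry run."""
    samples = {
        "report.doc.enc": struct.pack("<Q", 100) + b"\x00" * 112,  # 100-byte original, padded body
        "backup.enc": b"PK\x03\x04" + b"A" * 200,                  # unrelated file that only shares the extension
        "tiny.enc": b"\x01\x02",                                   # shorter than the header itself
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for path, label in sorted(triage(tmp).items()):
            print(f"{label:18} {os.path.basename(path)}")
```

A "size-header-match" result is a lead for scoping which files were hit, not proof of this specific family; run it against a read-only copy or forensic image.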
Defending Your Server against the Trojan Horse of the Day
Along with any circumstantial ties that the Motd Ransomware may or may not have to similar threats, its distribution methods place businesses with poor network safety practices at high risk. Unprotected servers may be encoded and locked relatively quickly and without displaying symptoms in the meantime. Remote Desktop-based attacks don't need the user's consent, although threat actors also may be circulating the Motd Ransomware through other means such as spamming e-mail attachments.
Shadow Copies and other local backups are often deleted by Trojans of the Motd Ransomware's classification, either before or after the encryption attacks. Save your backups in a location that's not at risk, such as a protected peripheral device or a cloud service. Free decryption services are not available for most new file-encrypting Trojans, including the Motd Ransomware, and such a solution may never be released for it. Alternately, make responsible use of all network security settings and have anti-malware products to quarantine the Motd Ransomware during any fraudulent installation attempts, such as disguised e-mail content.
The text files and name changes of the Motd Ransomware infections are easy to recognize but always occur as aftereffects of the file-encoding payload. With malware experts finding no easy ways out of attacks like a Motd Ransomware infection, any Web-using business employees should rely on their security standards, rather than their eyes, to stop a hostage scenario.