
Moth Ransomware

Posted: July 26, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 450
First Seen: July 26, 2016
Last Seen: March 14, 2022
OS(es) Affected: Windows

The Moth Ransomware is a file encryption Trojan that holds data hostage with the promise of restoring it once you pay its fee. Like almost any other Trojan of its kind, the Moth Ransomware provides no firm guarantee of its data restoration services, and malware experts emphasize using preemptive data storage methods to keep its attacks from damaging your files. Whether or not you get your files back, always remove the Moth Ransomware with anti-malware tools that can identify any additional threats that may be installing themselves with it or responsible for its installation.

A New Trojan to Your Bitcoin Account like a Moth to Flame

Although Trojans are sometimes compared to rapidly reproducing vermin, a threat rarely invites as direct a comparison as the Moth Ransomware. This Trojan uses what malware analysts currently estimate as being an AES-256 algorithm to encipher its victim's data, and then adds its '.m0th' extension to each file. As with any digital content modified by a Rijndael algorithm, the internal contents of each file are made uninterpretable by their associated programs, but the data is still recoverable with a matching decryption routine.

The full range of extensions at risk from the Moth Ransomware is still being determined, but malware experts' early estimates note that it could target over two dozen types. Formats most often under threat from harmful file encoders include text documents, spreadsheets, images, archives, Web page components, audio, and popular freeware or Microsoft software data.
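When scoping an infection, the '.m0th' marker described above is enough to inventory the affected files and see which original formats were hit. The following Python script is an added example, not code from this page's author or from any vendor tool; it assumes the marker is appended after the original file name (for instance report.docx.m0th, a constructed name) and that modification times roughly reflect when each file was rewritten.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = ".m0th"  # extension named on this page


def original_extension(name):
    """Extension the file had before the marker was appended ('' if none).
    Assumption: names look like <original name><marker>."""
    stem = name[: -len(MARKER)]
    return os.path.splitext(stem)[1].lower()


def scan(root):
    """Walk root and summarise files whose name ends in the marker."""
    hits, by_type, times = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            hits.append(path)
            by_type[original_extension(name) or "(none)"] += 1
            try:
                times.append(os.stat(path).st_mtime)
            except OSError:
                pass  # unreadable or vanished; the file is still counted
    window = (min(times), max(times)) if times else None
    return {"files": sorted(hits), "by_type": by_type, "window": window}


def report(summary):
    """Render the summary as text: total, per-format tally, mtime window."""
    lines = [f"{len(summary['files'])} file(s) carry the {MARKER} extension"]
    for ext, count in summary["by_type"].most_common():
        lines.append(f"  {count:6d}  {ext}")
    if summary["window"]:
        # Assumption: mtime approximates when the file was rewritten.
        first, last = (
            datetime.fromtimestamp(t, timezone.utc).isoformat(timespec="seconds")
            for t in summary["window"]
        )
        lines.append(f"modified between {first} and {last} (UTC)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted copy of the affected volume rather than the live system, and compare the per-format tally with what your backups hold.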

Most data encryption Trojans prefer using TXT messages for delivering their ransom demands, and the Moth Ransomware continues this industry-wide inclination. Rather than asking for any e-mail contact, the Moth Ransomware recommends using BitMessage (an anonymous, P2P messaging client) to contact its developers and make a payment. Malware experts have yet to log any ransom negotiations for speculation on their demands, although most ransomware campaigns use Bitcoin ransoms with a minimum value of 200 USD.

Blowing out a Trojan-Luring Candle

The Moth Ransomware has no apparent relationship with other threat campaigns of its kind and shows few differences from similar file enciphering threats. Although no entities in the PC security sector have come forward to provide a free decryption program for the Moth Ransomware, this threat still can be crippled by a prepared PC user. Backing your files up to secure locations will keep the Moth Ransomware from being able to cause any permanent data loss, turning its ransom demands into empty threats.

E-mail and, to a much lesser extent, website-based exploit kits are two of the most common means of acquiring infections of this type. Preexisting security standards, such as updating software, disabling scripts, and scanning attachments from unrecognized senders, should all identify Trojan droppers that could install the Moth Ransomware automatically. Your anti-malware tools, if active, also may disable and delete the Moth Ransomware before it can finish encrypting any data.

Besides its obvious impact on the need for Web security, the Moth Ransomware also shows the dangerous side of technological idealism. While Web industry players often voice concerns about security abuses and the need for anonymity, con artists like the Moth Ransomware's authors are just as happy to make use of the benefits of privacy as anyone else.
