
Msop Ransomware

Posted: December 3, 2019

The Msop Ransomware is a file-locking Trojan from the Ransomware-as-a-Service family of the STOP Ransomware. Besides blocking your media by encrypting it, the Trojan may delete the Shadow Volume Copies, create ransom notes, and cause other, less visible security issues. All users should remove the Msop Ransomware with appropriate anti-malware software as soon as possible before attending to data recovery with backups or other methods.

A Continuation of the STOP Ransomware's Refusal to Abide by Its Name

Like most of the more prolific Ransomware-as-a-Service families, the STOP Ransomware (or Djvu Ransomware, after one of its more notable variants) isn't stopping anytime soon. Recent releases from this file-locking group of Trojans usually target Southeast Asia in the highest numbers, although Africa, the Middle East, and North America are also periodic battlefields. The latest version, the Msop Ransomware, is circulating in unknown regions, although current samples suggest it's functioning as intended.

The naming scheme of most versions of the STOP Ransomware follows a pattern of semi-randomly-selected characters forming a faux-word that becomes the Trojan's extension. The Trojan appends this extension to the name of every file that it locks (using AES-256 and RSA encryption). Like its relatives, such as the Dodoc Ransomware, the Grovat Ransomware, the Nasoh Ransomware, or the Todar Ransomware, the Msop Ransomware focuses on blocking media, such as documents, spreadsheets or music.
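The appended-extension pattern described above lets a defender inventory locked files and their original names before restoring from backup. The following Python script is an added example, not part of the original article; the extension list is an assumption inferred from the variant names mentioned on this page, and the function names are hypothetical.

```python
import os
import sys
from collections import Counter
from pathlib import Path

# Assumption: appended extensions inferred from the variant names on this page
# (Msop, Dodoc, Grovat, Nasoh, Todar). Adjust to match what you observe on disk.
FAMILY_EXTENSIONS = {".msop", ".dodoc", ".grovat", ".nasoh", ".todar"}


def find_locked_files(root, extensions=FAMILY_EXTENSIONS):
    """Return sorted (path, original_name, variant_ext) tuples for files that
    carry one of the family's extensions appended to their original name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            # A file named only ".msop" has no original name to recover; skip it.
            if stem and ext.lower() in extensions:
                hits.append((Path(dirpath) / name, stem, ext.lower()))
    return sorted(hits)


def summarize(hits):
    """Count affected files by original type, e.g. '.docx' for report.docx.msop."""
    by_type = Counter()
    for _path, original, _variant in hits:
        by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return dict(by_type)


if __name__ == "__main__":
    # Read-only triage: lists matches, never renames or deletes anything.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_locked_files(root)
    for path, original, variant in found:
        print(f"{variant}\t{path}\toriginal name: {original}")
    print("Affected original types:", summarize(found))
```

The per-type counts show which backup sets need restoring; renaming a locked file back to its original name does not decrypt it.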

Malware experts recommend disabling network connectivity as soon as possible after suspecting any infections. Doing so can force the Msop Ransomware into switching to an internal encryption method that's notably less protected than its online, C&C-downloaded one. This precaution can make the difference between your files being retrievable or not through a freeware decryption service. Online encryption through this family is secure in roughly nine out of ten decryption attempts by third parties.

Future-Proofing Your Files from Trojan Abuse

Bare-minimum effective defenses against any file-locking Trojan will always require a backup on a device that the Trojan can't access. Cloud services, local networks with appropriate security protocols in place, NAS devices, and portable USB drives provide insurance against Msop Ransomware infections. While the Msop Ransomware creates a text ransom note containing an offer for help with the unlocking solution, paying its ransom is a gamble, and cyber-security history is rife with examples of it not paying off.

The Msop Ransomware's family has some connections with spyware that can exfiltrate credentials from infected Windows machines, as well as with media download tactics like fake torrents. Most users endanger their systems by interacting with an illicit download resource or enabling macros on a phishing document, such as a fake invoice. Some simple precautions while browsing the Web will limit the Msop Ransomware's infection vectors to a minimum.

Products from over fifty AV vendors are identifying this specific variant of the STOP Ransomware. Relying on anti-malware services to remove the Msop Ransomware can help ensure complete disinfection, including the removal of related spyware.

Although the Msop Ransomware is threatening, the problems it brings forth are ones that any casual PC user has the tools for defeating. Taking a lighthearted stance with one's media is one way of getting Black Hat software to ask what your files mean to you – in terms of money.
