
Masok Ransomware

Posted: August 7, 2019

The Masok Ransomware is a file-locking Trojan that can disable documents and other digital media through encryption. The damage is rarely recoverable, and most users will need backups to restore their files. In most scenarios, anti-malware programs should remove the Masok Ransomware appropriately or block infections through traditional vectors.

The Trojan that will not Let an Ocean Stand Between It and a Victim

Among the series of file-locker Trojans targeting Indonesia, many of them, like the Masok Ransomware, belong to the STOP Ransomware or Djvu Ransomware family. However, not all of them limit their attacks to the residents of that country. For example, the Masok Ransomware belongs to a minority that is also spreading throughout Pakistan. The infection vectors in use are debatable but likely include some form of disguised downloadable content, such as game-key generators, software licensing cracks or fake movies.

The Masok Ransomware uses the archetypal combination of AES and RSA encryption for locking files, that is, converting them into versions of themselves that no longer open. One of the few identifiers that the Masok Ransomware leaves to set itself apart from its numerous relatives during this process is the 'masok' extension that one can find on the files' names. Office documents or spreadsheets, pictures, and archives are some of the prominent examples of media that the Masok Ransomware damages this way.
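Because the 'masok' extension is the one marker the Trojan leaves on locked files, it can be used to scope what has to be restored from backup. The following is an added example, not code from the original article; the function names are hypothetical, the directory tree is constructed sample data, and it assumes the marker is appended after the file's original name and extension.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".masok"  # extension the article says is left on locked files


def inventory_locked(root):
    """Walk root and return (locked, summary).

    locked  -- list of (locked_path, presumed_original_name) tuples
    summary -- Counter of presumed original file types, e.g. {'.docx': 2}
    """
    locked, summary = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match so '.MASOK' on Windows volumes is caught
            if not name.lower().endswith(MARKER):
                continue
            # Assumption: the marker is appended to the full original name
            original = name[: -len(MARKER)]
            kind = Path(original).suffix.lower() or "(none)"
            locked.append((os.path.join(dirpath, name), original))
            summary[kind] += 1
    return locked, summary


def demo():
    """Build a constructed directory tree and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        samples = ["report.docx.masok", "budget.xlsx.masok",
                   "photos/cat.jpg.MASOK", "photos/dog.jpg", "notes.txt"]
        for rel in samples:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample data")
        locked, summary = inventory_locked(root)
        return sorted(orig for _path, orig in locked), dict(summary)


if __name__ == "__main__":
    names, summary = demo()
    print("presumed original names:", names)
    print("locked files by type:", summary)
```

The per-type summary gives a quick picture of which kinds of media were hit, and the presumed original names can be matched against a backup catalogue.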

Generated text messages are another feature that's built into the Masok Ransomware's family by default, which includes members as new and old as this month's Brusaf Ransomware or the Lotej Ransomware, along with the aging Djvu Ransomware and the Rumba Ransomware. Users may wish to save these notes, since they contain information, such as address changes, that is relevant to the cyber-security industry. However, they should be careful concerning any ransom payments, which aren't reliable ways of gaining access to a file unlocker.

Barricading the Dock from Sailing Trojans

The countermeasures to the STOP Ransomware are well-known, thankfully, since variants appear weekly. Backups on non-local devices will help with recovery and prevent the Masok Ransomware from gaining any leverage for extortion. Safe Web-browsing habits and avoiding illicit, unofficial or suspicious downloads will, similarly, keep your PC in a state of improved safety. Server administrators also can abide by best practices that harden their accounts against hacking attempts.

Unfortunately, there aren't many symptoms related to the Masok Ransomware's payload, which emphasizes avoiding detection while it encrypts files, deletes backup data and conducts its other attacks. However, any users who do identify a possible infection should disable Internet connectivity ASAP, which may stop the Masok Ransomware from downloading its C&C key. Doing so can force it into a less-secure encryption mode with better recovery possibilities for the victims.

As usual, standard anti-malware solutions should remove the Masok Ransomware, as well as most versions of the STOP Ransomware, and stop them before any attacks begin.

How the Masok Ransomware is getting around in Asia is anyone's guess, but the unsafe surfing habits of the people it's attacking are likely instigating factors. Browse the Web cautiously, and file-locking Trojans will find it much harder to gain a foothold against your media.
