The operators of the Djvu ransomware family continue to release new variants of their malicious code, the latest being the .masok file variant.
What is the Masok ransomware?
Against the background of a long lull in ransomware activity in general, some lineages are still active and continue to pose a serious threat to individuals and companies around the world. The family known as Djvu, or STOP ransomware, is one of the few that receives regular updates. It has recently been extended with a new variant, which encrypts files and appends the .masok extension. In addition, a ransom note called _readme.txt is created and added to each folder containing encrypted data. Apart from the added suffix, this infection does not change the original filenames. A sample file named Test.xlsx is therefore renamed to Test.xlsx.masok. The malware uses the AES-256 symmetric cryptographic standard to lock the victim's data. The cryptographic implementation is generally flawless, so the chance of recovering files is low unless the affected user has the decryption key.
The new Djvu ransomware variant appends the .masok extension to files
Masok ransomware is usually distributed via spam. The extortionists use the capabilities of a botnet to send misleading mass emails. These messages may be disguised as receipts, job offers, resumes, arrival notices or any other subject likely to attract the recipient's attention. The emails carry attachments in .zip, .docm or .js format. When these items are opened or extracted, they covertly download the ransomware trojan onto the computer. Once in the host environment, the malicious code attempts to disable the Volume Shadow Copy Service (VSS), then scans the hard drive, removable media (if present) and network shares for files that are likely to be valuable to the victim. It focuses on personal documents, photos, videos and databases, and ignores system files whose corruption could cause system errors.
Ransom note created by the Masok virus
All objects found during this covert scan are then encrypted. As mentioned above, the file names receive the .masok suffix after their original extensions. By dropping the _readme.txt ransom note into every folder containing encrypted data and onto the desktop, the malware explains what happened and how to restore the damaged objects. In particular, it states that the victim has 72 hours to pay $490 in Bitcoin for the private key and an automatic decryption tool. At the end of this grace period, the ransom doubles to $980. To find out which BTC wallet to pay and how to proceed with file restoration, the user must email the attackers at [Protected Email] or [Protected Email] and include their personal identifier in the message.
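A triage sketch for scoping the damage described above, added here as an example (it is not code from the original article or from any tool it mentions): it walks a folder tree, counts files carrying the .masok suffix, records which folders hold a _readme.txt note, and flags encrypted files whose original name is still present. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".masok"      # extension appended by this variant (per the article)
NOTE_NAME = "_readme.txt"  # ransom note dropped into each affected folder

def triage(root):
    """Walk root and collect ransomware artefacts per folder."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "untouched": 0})
    for folder, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            entry = report[folder]
            if name == NOTE_NAME:
                entry["note"] = True
            elif name.lower().endswith(ENC_SUFFIX):
                original = name[:-len(ENC_SUFFIX)]  # Test.xlsx.masok -> Test.xlsx
                # Original still present: restored copy or interrupted encryption.
                entry["encrypted"].append((name, original in present))
            else:
                entry["untouched"] += 1
    return dict(report)

def summarise(report):
    """Reduce the per-folder report to figures useful for scoping recovery."""
    hit = {f: e for f, e in report.items() if e["encrypted"] or e["note"]}
    return {
        "encrypted_files": sum(len(e["encrypted"]) for e in hit.values()),
        "originals_present": sum(ok for e in hit.values() for _, ok in e["encrypted"]),
        "affected_folders": sorted(hit),
    }

def build_sample_tree():
    """Constructed sample data imitating a partly affected user profile."""
    root = tempfile.mkdtemp(prefix="masok_triage_")
    layout = {
        "Documents": ["Test.xlsx.masok", "notes.docx.masok", NOTE_NAME],
        "Pictures": ["a.jpg.masok", "a.jpg", NOTE_NAME],
        "Clean": ["todo.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
    return root

if __name__ == "__main__":
    print(summarise(triage(build_sample_tree())))
```

Point triage() at a mounted copy or a read-only view of the affected volume so the scan itself does not overwrite deleted data that recovery tools may still reach.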
There are some caveats to keep in mind regarding the demands imposed by the cybercriminals. Above all, there is no certainty that they will keep their promises and provide the recovery toolkit after payment. Even if they do, it is still cold comfort.
Malware researchers state that the Djvu/STOP ransomware can be decrypted for free, but only if an offline key was used to encrypt your data. This may happen when the infected computer was not connected to the Internet at the time the data was encrypted, or when the malware's Command & Control server was not running at that time. However, neither of these circumstances is very likely.
Even so, this recovery vector is definitely worth a try. An application called STOPDecrypter does the job as long as the above conditions are met. Install it, let it scan your computer and check whether your case is supported. If the tool ignores your files, it means that the Masok ransomware encrypted them with an online key, and there is no effective way to recover them unless you accept the criminals' terms. In this situation, it is strongly recommended to start undoing the damage yourself by following the steps below.
Automatic removal of the Masok ransomware virus
For dealing with infections of this kind, a reliable security cleanup tool is a good start. Following this workflow ensures that every component of the ransomware is found and removed from the affected computer.
1. Download and install the cleaning program and click the Start scan computer button.
2. The wait is worth it. Once the scan is completed, you will see a report listing all the malicious or potentially unwanted items detected on your PC. Click on the Correct Threats option to automatically remove the ransomware trojan from your computer. The following steps are designed to recover the encrypted files.
Recovering .masok files encrypted by the Djvu ransomware
Removing the infection itself is only part of the solution, because the affected personal data will remain encrypted regardless. Review the methods described below and try them out for a chance to recover the files.
Option 1: Cloud Backup
Cloud backup works very well when it comes to recovering from a ransomware attack. If you store backups at an external site, simply use the appropriate function of your backup service provider to restore all encrypted items.
Option 2: Recovery Tools
Examination of the Masok/Djvu virus reveals an important fact about the way it processes the victim's data: it deletes the original files, and it is the copies that are actually encrypted. It is well known that not everything deleted from a computer disappears completely, and that such data can be recovered from the disk using certain techniques. Recovery applications can do this, so this method is definitely worth a try.
Download Data Recovery Pro
Option 3: Shadow Copies
The Windows operating system includes a technology called Volume Snapshot Service (VSS) that allows files or volumes to be backed up automatically. One of the most important conditions for this is that the System Restore function was enabled. If it was active, some of the data can be successfully restored.
You can perform this task using the Previous Versions feature built into the operating system, or using special applications that do the job automatically.
- Previous Versions feature
Right-click on the file and choose Properties from the context menu. Find the Previous Versions tab and click on it to view the most recent automatic backup that was made. Depending on what you prefer, click Restore to restore the file to its original location, or click Copy and specify a new folder.
- Shadow Explorer applet
It is surprisingly easy to manage previous versions of files and folders with automated tools such as Shadow Explorer. The program is free of charge. Download and install it, let it build a profile of the file hierarchy on your computer, and start the recovery process yourself. You can select a drive name from the list, then right-click on the files or folders you want to recover and click Export to continue.
Is the problem gone? Check for yourself.
Computer threats such as ransomware can be stealthier than you think, cleverly hiding their components on a compromised computer to prevent them from being removed. Running an extra security scan is therefore the finishing touch when it comes to cleanup and repair.