Moisha Ransomware Uses Tox Messenger for Contact


Moisha ransomware is the name of a newly discovered strain of file-encrypting malware. The new variant does not seem to belong to any larger family of ransomware clones.

Moisha encrypts files on the victim's computer, sweeping across all connected drives and deleting shadow copies in the process. It targets almost every extension and file type that is not essential to the system's continued operation, including archives, documents, databases and media files.

Unlike nearly every other ransomware strain, Moisha makes no alteration to the names or extensions of the files it encrypts. If a file was called "document.doc" before encryption, it keeps exactly the same name after it has been encrypted. This makes it practically impossible to distinguish between encrypted and non-encrypted files by name alone.
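Because names and extensions stay the same, triage has to look at file content instead. The following Python sketch is an added example, not part of the original article or any vendor tool: it flags files whose extension promises a known header or plain text but whose first bytes look like random data. It assumes encryption overwrites the start of the file; the extension lists and the 7.5 bits/byte threshold are illustrative choices.

```python
import math
import os

# Well-known leading signatures for a few formats that have one.
MAGIC = {
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".docx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# Formats without a signature; normal content is low-entropy text.
TEXT_EXT = {".txt", ".csv", ".sql", ".c", ".py", ".java"}

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(path, sample_size=65536, threshold=7.5):
    """Return 'ok', 'suspect', 'mismatch' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC and ext not in TEXT_EXT:
        return "unknown"
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample_size)
    except OSError:
        return "unknown"  # unreadable or locked file
    if len(head) < 1024:
        return "unknown"  # too short for a meaningful entropy estimate
    if ext in MAGIC and head.startswith(MAGIC[ext]):
        return "ok"
    if shannon_entropy(head) >= threshold:
        return "suspect"  # looks like ciphertext under an ordinary name
    return "mismatch" if ext in MAGIC else "ok"

def triage(root):
    """Walk root and return the sorted paths classified as 'suspect'."""
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    return sorted(p for p in paths if classify(p) == "suspect")

if __name__ == "__main__":
    import sys
    print("\n".join(triage(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

A file whose header survives partial encryption is reported as 'ok', so treat the output as a first-pass list to compare against backups rather than a complete inventory.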

The ransom note is dropped inside a file called "!!!READ TO RECOVER YOUR DATA!!!.txt" and reads as follows:

Hi [username], this is Moisha!

What happened?

All just our Poles Testers team penetrated your network!

What do we want? We want money for our silence and decrypting your files!

What did we do?, We entered your corporate network, stole your work files among them the source codes

of your projects! Leaving, we encrypted them, more than you are sure of you have their copy!

What do we do? We will contact your every client, and let us inform you that you were hacked and all

your customers are now at risk working with the programs of whose source code we have!

What to do that all this would not be and return all to places?

All we just want money, namely 55.5555 dollars, for our silence and decryption of your network.

What will happen if you do not get in touch? :

We will publish part of the source of your projects (this will cause reputational harm to your company)

We will sell part of the sources to your competitors or anyone who wants to buy them!

We are knitted with everyone who works with you or has any connection with your company, be your

partners or clients of your company.

We will report to regional news that you were hacked!

All this can be avoided, how?

You get in touch with us.

We agree in the first 48 hours it will be fast!

You pay the agreed amount.

We restore everything that we encrypted.

We will return your source codes to you and will not publish them on forums and sell them to second

and third parties.

Make sure that we are not the time you wash, looking at the provider’s report and understand that all

your sources and projects merged from you !!

We have downloaded all your program sources! over 200 gigabytes! Don't delay! we are waiting for you at

the negotiations, we will be able to confirm the availability of your files!

You can contact us:

To quickly communicate, use mail (Robertmulder_1969@Proton.me Hefmyra-1963@Proton.me)

- Use the Tox Messenger, You Can download heere hxxps://tox.chat/

to comunicate with the Operator Via Tox Messenger:

Moisha Id Operator in Tox Messenger

[alphanumeric string]

Sincerely MOISHA !!

August 29, 2022