What is Moonshadow Ransomware?
A new strain of ransomware was recently spotted in the wild, named Moonshadow ransomware. The malware belongs to the VoidCrypt family of ransomware variants.
Moonshadow encrypts popular file types, including most media and archive formats, as well as documents and database files. Once Moonshadow encrypts a file, it alters its name, appending several strings after the original file name, including the victim's ID, the email used by the hackers for contact and the ".moonshadow" extension.
This means that a file originally named "letter.txt" will turn into "letter.txt.(alphanumeric victim ID)(developer.110 at tutanota dot com).moonshadow".
The ransom note is dropped inside a plain text file called "Decryption-Guide.txt". The full text of the ransom note goes as follows:
Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : KEY-SE-24r6t523 or RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened
Your Case ID : [alphanumeric string]
Our Email:developer.110 at tutanota dot com
The only thing that can be said for certain about Moonshadow is that it is not developed and operated by a native English speaker and that there is no known decryption tool released for free at this time.
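For incident triage, the renaming scheme, the ransom note name and the key file names quoted in the note can be turned into a file-listing check. The following Python sketch is an added example, not code from the malware or from any vendor tool; the `triage` function, the bracket handling, the alphanumeric key suffix and the sample paths (with a placeholder contact address) are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: the victim ID and contact address are each wrapped in () as the
# page shows, or in []; the exact delimiters are not confirmed by the page.
RENAMED = re.compile(
    r"^(?P<original>.+?)\.?"
    r"[(\[](?P<victim_id>[A-Za-z0-9]+)[)\]]"
    r"[(\[](?P<contact>[^)\]]+)[)\]]"
    r"\.moonshadow$",
    re.IGNORECASE,
)
NOTE_NAME = "decryption-guide.txt"
# Key file names quoted in the ransom note; an alphanumeric suffix is assumed.
KEY_FILE = re.compile(r"^(KEY-SE-[A-Za-z0-9]+|RSAKEY\.KEY)$", re.IGNORECASE)

def triage(paths):
    """Sort a file listing into encrypted files, notes and key files."""
    report = {"encrypted": [], "unparsed": [], "notes": [], "key_files": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        m = RENAMED.match(p.name)
        if m:
            report["encrypted"].append({"path": raw, **m.groupdict()})
        elif p.name.lower().endswith(".moonshadow"):
            report["unparsed"].append(raw)   # extension only, review by hand
        elif p.name.lower() == NOTE_NAME:
            report["notes"].append(raw)
        elif p.parent.name.lower() == "programdata" and KEY_FILE.match(p.name):
            report["key_files"].append(raw)  # preserve before any cleanup
    return report

# Constructed sample listing; none of these values come from a real incident.
SAMPLE = [
    r"C:\Users\a\Documents\letter.txt.(A1B2C3D4)(contact@example.invalid).moonshadow",
    r"C:\Users\a\Pictures\trip (1).jpg.[A1B2C3D4][contact@example.invalid].moonshadow",
    r"C:\Users\a\Documents\odd.moonshadow",
    r"C:\Users\a\Desktop\Decryption-Guide.txt",
    "C:/ProgramData/KEY-SE-24r6t523",
    "C:/ProgramData/RSAKEY.KEY",
    r"C:\Users\a\Documents\notes.txt",
]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, len(hits), hits)
```

The recovered original names and victim IDs give a quick measure of scope, and the key file paths mark what to back up before reimaging a host.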