Moba is malicious software that infects your computer. It belongs to the Djvu ransomware family. The malware encrypts data on your computer, making it impossible to open files, images, and documents. Once files and documents on your computer are encrypted by this malicious software, they appear with the “Moba” extension. For example, a photo initially named ‘1.jpg’ appears as ‘1.jpg.moba’.
Once the Moba Ransomware infects your computer, it scans it for important files to encrypt. Some of the common information the malware encrypts include:
After the whole process is completed and all files are encrypted, the malware drops a ransom note in a file named “_readme.txt” within the compromised folders.
The message starts in a reassuring manner telling you that you can recover all your files. Then, they make it seem impossible, saying the files are encrypted with the strongest and most unique key.
However, there is a catch in recovering all the data. They tell you the only method of recovering the files is by purchasing a decryption key at $980. The cybercriminals will then give you a 50% discount of $490 if you pay within 72 hours.
The criminals often offer a guarantee before payment by asking you to send a test file. The test file is decrypted and sent back to you within 6 hours. They even tell their victims to check the spam or junk folder for the decrypted test file. This is usually done to give victims the assurance to pay the ransom, which is paid in Bitcoin.
Should You Pay the Ransom?
It is strongly advised not to pay the ransom. This is because, in most cases, you will not recover your files even after paying. This usually leads to a double loss of money and important files on your computer.
The only solution is to remove the malware from the operating system. This prevents further encryption but does not guarantee the recovery of the already encrypted data.
If there was backup storage before infection, you can easily recover the files. However, the manual removal is a lengthy and complicated process requiring advanced computer skills.
More often than not, this process involves starting your computer in Safe Mode with Command Prompt and restoring the entire system. After that, you still need to scan your PC with relevant malware removal tools to eliminate the remaining Moba files.
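Before restoring from backup, it helps to know which folders were hit. The following added example (not part of the original article) inventories a folder tree using the two indicators this page names, the “.moba” extension and the “_readme.txt” note, and lists the original file names to pull from backup. The function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".moba"       # extension named on this page
RANSOM_NOTE = "_readme.txt"   # ransom note file name named on this page


def inventory(root):
    """Return {folder: {"encrypted": [...], "note": bool}} for affected folders."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report[folder]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                report[folder]["encrypted"].append(name)
    return dict(report)


def restore_list(report):
    """Sorted paths of the original files ('1.jpg.moba' -> '1.jpg') to restore."""
    return sorted(
        os.path.join(folder, name[: -len(ENCRYPTED_EXT)])
        for folder, info in report.items()
        for name in info["encrypted"]
    )


def build_sample_tree(root):
    """Constructed sample data: empty files that mimic an affected profile."""
    layout = {
        "Pictures": ["1.jpg.moba", "2.png.moba", "_readme.txt"],
        "Documents": ["report.docx.moba", "_readme.txt"],
        "Clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in restore_list(inventory(tmp)):
            print("restore from backup:", os.path.relpath(path, tmp))
```

Run it read-only against a copy or mounted image of the affected disk by replacing the sample tree with the real root path.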
Moba Ransomware Removal Instructions
Removing the Moba Ransomware does not guarantee the recovery of the encrypted files. However, there are several steps and programs you can use to remove the malware. The following are the removal instructions in their correct order:
- Use the Malwarebytes Free tool to Remove Moba ransomware
- Use HitmanPro to scan Trojans and identify other malware
- Go ahead and double-check for other malicious programs. You can use the Emsisoft Emergency Kit
- Lastly, restore all the files encrypted by the Moba ransomware
How to Remove Moba Ransomware
Removing the Moba Ransomware requires one to follow the simple steps above. You need to download Malwarebytes, a free tool capable of removing many types of malware and other unwanted programs.
The software runs alongside most antivirus software without any issues. Plus, it is easy to install, and once installation is complete, you can use it to scan your computer.
A screen is then presented, showing the infections detected. Malwarebytes will then remove all the infected files and registry keys, and ask to restart your computer.
The second step involves using HitmanPro to further scan for Trojans and residues of suspicious activities. It sends suspicious files to antivirus engines for checking. The software also lists any infected files and helps clear them.
The third step is where you double-check for any malicious programs using the Emsisoft Emergency Kit. Once complete, you can then restore the encrypted files using decryption tools like the Emsisoft decryptor.
What Does Moba Ransomware Do?
The Moba ransomware will encrypt all your files and ask for a ransom to decrypt them. This is a malicious software program run by cybercriminals to extort money from you. The software is mainly distributed through:
- illegal activation
- spam campaigns
- dubious download channels
- illegitimate updaters
All the files infected by the malware will not open, and in most cases, people end up losing their data, even after paying the ransom. It is important to understand that this software is created by criminals and paying the ransom won’t do any good.