MOTD Virus Remove and Restore .enc Files - How to, Technology and PC Security Forum | SensorsTechForum.com
MOTD Virus Remove and Restore .enc Files

This article was created to help you remove the MOTD ransomware and restore .enc files encrypted by the virus, if your computer is infected by this threat.

A ransomware virus using a combination of the AES and RSA ciphers has been detected encrypting user files, adding the .enc file extension to them and making them impossible to open. The ransomware also performs multiple other modifications, such as dropping a ransom note named motd.txt, in which the cyber-criminals demand that users send a unique ID to their e-mail [email protected]. The victim is then told to pay the sum of 2 BTC to get the encrypted files back. If your computer has been infected by MOTD ransomware, we advise you to read this article thoroughly.

Threat Summary

Name: MOTD
Type: Ransomware
Short Description: This ransomware encrypts files using the RSA and AES ciphers, then demands a hefty ransom payoff.
Symptoms: The user may see ransom notes and “instructions” linking to a web page and a decryptor. File names are changed and the .enc file extension is added.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
User Experience: Join our forum to discuss MOTD.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

MOTD Ransomware – How Does It Spread

For the infection process, this virus may use different distribution techniques. The primary theory on which experts are working is spam messages sent out via various e-mail addresses used by spammers. These accounts and the e-mail spam they send are the most effective method of infection with ransomware viruses. The messages usually contain either a malicious web link, which causes the infection via a browser redirect, or, in the most common case, a malicious archive with the infection file inside, like the example below displays:

As seen above, the spammed messages are usually accompanied by deceitful text that tricks inexperienced users into opening the attachments, which are either executable files or documents with malicious macros enabled.

Other forms of replication include malicious downloads, fake update setups, and game cracks, patches and fixes uploaded to suspicious websites.

MOTD Ransomware – Infection Process

After the user opens a malicious file by MOTD ransomware, the inevitable happens. The virus connects to the following remote host:

→ 50.56.221.73

Once connected to it, the malware begins to download the payload, which consists of a malicious executable and may have multiple other files alongside it. The files may have different names, for example “motd”, and be located in the usually targeted Windows folders:

After this has been done, the ransomware may delete any shadow copies or other backups on the encrypted machine. This is usually achieved by executing the vssadmin command in Windows administrative mode.
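For defenders, shadow-copy deletion is one of the few steps above that leaves a clear process-creation trace. The following is an added example, not part of the original article: it flags command lines that run vssadmin with the "delete shadows" subcommand. The event field names and the sample events are constructed for illustration, and the article does not state which arguments MOTD itself passes.

```python
import re

# vssadmin with or without a directory prefix and the .exe suffix
VSSADMIN = re.compile(r"(?:^|[\\/])vssadmin(?:\.exe)?$")


def is_shadow_delete(command_line):
    """True if the command line invokes 'vssadmin delete shadows'."""
    # Drop quotes so 'cmd /c "vssadmin ..."' is tokenised like a direct call.
    tokens = command_line.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        # Read-only subcommands such as 'list shadows' are not flagged.
        if VSSADMIN.search(tok) and tokens[i + 1:i + 3] == ["delete", "shadows"]:
            return True
    return False


def find_shadow_deletions(events):
    """Return (host, user, command_line) for every matching event."""
    return [(e["host"], e["user"], e["command_line"])
            for e in events if is_shadow_delete(e["command_line"])]


# Constructed sample process-creation events (hypothetical hosts and users).
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "alice",
     "command_line": r"C:\Windows\System32\vssadmin.exe list shadows"},
    {"host": "WS-014", "user": "alice",
     "command_line": r'cmd.exe /c "vssadmin Delete Shadows /All /Quiet"'},
    {"host": "SRV-02", "user": "SYSTEM",
     "command_line": r"C:\Windows\System32\vssadmin.exe delete shadows /for=C: /oldest"},
]

if __name__ == "__main__":
    for hit in find_shadow_deletions(SAMPLE_EVENTS):
        print("shadow copy deletion:", hit)
```

Backup software can legitimately prune shadow copies, so a hit is a lead to correlate with the user and parent process rather than proof of infection.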

MOTD ransomware may then perform other modifications on the affected computer, such as modifying Windows Registry entries by adding values with custom data in them. The most often attacked registry entries are the ones that run files on system start-up:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

MOTD Ransomware – Encryption Process

The encryption process of MOTD is conducted with the assistance of two primary encryption algorithms:

  • Advanced Encryption Standard (AES)
  • Rivest Shamir Adleman (RSA)

The ransomware uses these algorithms to replace the data of the original files, or more specifically chunks of it, with encrypted data. The replaced data renders the files impossible to open. The encrypted files look like the following:

After encryption is complete, the following ransom message is added to notify the user of the situation:

!WARNING!
YOU ARE INFECTED
WITH THE MOST CRYPTOGRAPHIC ADVANCED RANSOMWARE
All your data of all your users, all your databases and all your Websites are encrypted
Send your UID to e-mail: [email protected]
YOUR UUID IS: {UNIQUE ID}
!WARNING!
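The two on-disk indicators described above, the .enc extension and the motd.txt note, can be checked together during triage. The following is an added example, not part of the original article: it walks a directory tree, confirms a motd.txt by the phrases quoted in the note text rather than by name, and lists .enc files per folder. The verdict labels and the sample tree are constructed for illustration.

```python
import os

NOTE_NAME = "motd.txt"   # ransom note file name given in the article
ENC_EXT = ".enc"         # extension appended to encrypted files
NOTE_MARKERS = (b"YOU ARE INFECTED", b"YOUR UUID IS:")  # phrases from the note


def is_motd_note(path, max_bytes=8192):
    """Verify a motd.txt by content; the name is also used by benign files."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:
        return False
    data = data.replace(b"\x00", b"").upper()  # also matches UTF-16 notes
    return all(marker in data for marker in NOTE_MARKERS)


def triage(root):
    """Map each directory under root that holds a verified note or .enc files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        note = any(f.lower() == NOTE_NAME and is_motd_note(os.path.join(dirpath, f))
                   for f in files)
        enc = sorted(f for f in files if f.lower().endswith(ENC_EXT))
        if note or enc:
            findings[dirpath] = {"note": note, "enc_files": enc}
    return findings


def verdict(findings):
    """Both indicators are required: .enc on its own is used by other software."""
    has_note = any(d["note"] for d in findings.values())
    has_enc = any(d["enc_files"] for d in findings.values())
    if has_note and has_enc:
        return "likely-motd"
    return "inconclusive" if (has_note or has_enc) else "clean"


def build_sample_tree(root):
    """Constructed sample data: one affected folder and one benign look-alike."""
    samples = {
        ("docs", "report.docx.enc"): b"\x8f\x12 constructed ciphertext",
        ("docs", "motd.txt"): b"!WARNING!\nYOU ARE INFECTED\nYOUR UUID IS: 0000-EXAMPLE\n",
        ("server", "motd.txt"): b"Welcome. Maintenance window is Sunday.\n",
    }
    for (folder, name), content in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "wb") as fh:
            fh.write(content)
```

Run it against a mounted copy or backup of the affected volume, for example `verdict(triage(path))`, so the scan does not alter timestamps on the original evidence.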

Remove MOTD Ransomware and Restore Encrypted .enc Files

For the removal of MOTD ransomware, we recommend following the removal instructions at the bottom of this article. For maximum effectiveness, malware researchers recommend using an advanced anti-malware tool, which will automatically delete this threat.

For file restoration, it is advisable to try alternative methods, like the ones mentioned in step “2. Restore files encrypted by MOTD” below, since at this point there is no official decryptor. We will continue to track the threat and update this article if a free decryptor is released in the meantime.

To remove MOTD follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove MOTD files and objects
2. Find files created by MOTD on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by MOTD

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
