MotoxLocker Virus – Remove and Restore Your Files - How to, Technology and PC Security Forum | SensorsTechForum.com

MotoxLocker Virus – Remove and Restore Your Files


A ransomware crypto-virus that goes by the name of MotoxLocker was discovered by researchers from the MalwareHunterTeam. They claim that the virus is a new variant of the DetoxCrypto ransomware and that it uses the AES algorithm for encryption. Locked files do not get a new extension, and the ransom note is written in Croatian. To see how to remove this ransomware and how you can try to decrypt your files, read the article to the end.

Threat Summary

Name: MotoxLocker
Type: Ransomware, Crypto-Virus
Short Description: The ransomware will encrypt your files with AES encryption, without adding new extensions to them.
Symptoms: The ransomware will display a ransom note in Croatian and ask around 50 euros for decryption.
Distribution Method: Spam Emails, Email Attachments
User Experience: Join Our Forum to Discuss MotoxLocker.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

MotoxLocker Virus – Infection

MotoxLocker ransomware probably spreads in the same ways as its past variants, such as the DetoxCrypto virus. Spam email campaigns distribute the payload file of the ransomware. Such an email will try to convince you that the attached file conveys an important message. The attachment will look like a normal document, but it contains the malicious payload of the virus. If you open it, consider your computer infected and your data encrypted.

For this variant, one of the payload droppers is an executable file, named “Document.pdf.exe”. You can see its detections on VirusTotal here:

[Image: VirusTotal detections for the MotoxLocker payload]

Other infection methods for MotoxLocker, which utilize social media networks or file-sharing services, could also be in use. The malware creator could have put the malicious files on any such platform as an additional way of infection. Be careful when browsing the Web and avoid dubious e-mails, files or links. Check any file you have downloaded for its signatures and size, and scan it with security software. You should read more ransomware prevention tips in that forum thread.
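A file-name check for the disguise used by the "Document.pdf.exe" dropper, written as an added example (it is not code from the article or from the malware researchers). It goes beyond the single name on the page by also flagging whitespace padding and bidirectional control characters; the extension lists, reason labels and all sample names other than "Document.pdf.exe" are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed, non-exhaustive lists; tune them for your own mail gateway or endpoint policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "ps1"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt",
              "jpg", "jpeg", "png", "zip"}
# Bidirectional controls that can visually reorder the characters of a file name.
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def check_attachment_name(name):
    """Return the reasons a file name looks like a disguised executable."""
    reasons = []
    if BIDI_CONTROLS.intersection(name):
        reasons.append("bidi-control")
    # Drop invisible format/control characters, then the trailing dots and
    # spaces that Windows ignores when it resolves the real extension.
    visible = "".join(c for c in name
                      if unicodedata.category(c) not in ("Cf", "Cc"))
    visible = visible.rstrip(". ")
    parts = [p.strip().lower() for p in visible.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable-extension")
    # A document-like extension right before the real one is the decoy.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("decoy-extension")
    # Long runs of spaces push the real extension out of the visible column.
    if re.search(r"\s{3,}", visible):
        reasons.append("whitespace-padding")
    return reasons


# Constructed sample names; only "Document.pdf.exe" comes from the article.
SAMPLES = ["Document.pdf.exe", "scan.jpg      .scr. ",
           "photo\u202egpj.exe", "report.exe", "notes.v2.pdf"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_attachment_name(sample))
```
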

MotoxLocker Virus – Inspection

The MotoxLocker cryptovirus is a variant of the DetoxCrypto ransomware and was discovered by the MalwareHunterTeam. Interestingly enough, this variant tries to trick people into believing that it is a security application developed by TrendMicro:

[Image: MotoxLocker code presenting itself as a TrendMicro application]

Image Source: @MalwareHunterTeam

When the MotoxLocker ransomware virus drops its payload file, it probably creates entries in the Windows Registry to retain persistence. Those entries will set the malware to launch automatically with every boot of the Windows Operating System. From then on your files get encrypted. After all of your files become encrypted, the virus creates the file which contains the ransom message. The ransom note is written entirely in Croatian and describes the payment instructions.

[Image: MotoxLocker ransom note in Croatian]

The original text reads:

Svi važni fajlovi na vašem kompjuteru su zaključani i nemoguće je razbiti enkripciju. NEMOGUĆE JE RAZBITI CryptoLocker. Ako želite fajlove natrag javite se na mail: [email protected]
NAPOMENA: Nemojte brisati ovaj program jer će biti potreban da bi vratili fajlove. Dobit ćete na mail upute i ključ koji ćete unijeti i svi fajlovi će biti vraćeni. Vrlo jednostavno, samo se javite na mail i dogovorimo se oko povratka fajlove.
Ako pokušate očistit ovaj program ili sami nešto popraviti moguće je da zauvijek oštetite i izgubite podatke zato je najbolje rješenje da se javite.
OTKUPNINA ZA SVE VAŠE FAJLOVE I TRAJNU ZAŠTITU OD SLIČNIH PROVALA JE SAMO 50€. JAVITE SE NA MAIL.

A rough translation of the ransom message in English would be the following:

All important files on your computer are locked and it is impossible to break the encryption. IT IS IMPOSSIBLE TO BREAK CryptoLocker. If you want the files back, contact us at mail: [email protected]
NOTE: Do not delete this program because it will be needed to restore the files. You will receive instructions by mail and a key which you will enter, and all the files will be restored. Very simple, just contact us by mail and we will arrange the return of the files.
If you attempt to clean this program or fix something yourself, it is possible that you will permanently damage and lose data, so the best solution is to contact us.
THE RANSOM FOR ALL YOUR FILES AND PERMANENT PROTECTION FROM SIMILAR BREAK-INS IS ONLY 50€. CONTACT US BY MAIL.

The MotoxLocker ransomware sets a decryption price of 50 euros, which is not a lot, but you shouldn’t be tempted to pay under any circumstances. No guarantee exists that you will recover your files. The cybercriminals will just use the money to make a new ransomware and possibly put some of the money aside for other criminal activities. The email used as a contact is [email protected]. ProtonMail is an encrypted electronic mailing service that is used by other ransomware viruses, such as the new variant of Fantom ransomware, which does not seem related to this cryptovirus.

However, the MotoxLocker virus is part of the DetoxCrypto ransomware family and is by definition related to the following variants:

The encrypted files will not have any new extensions, prefixes or name changes whatsoever. The ransomware uses the military-grade AES encryption algorithm, and encrypted files will be larger than the originals. The malware researcher Michael Gillespie has stated that the ransomware is decryptable. Check below for a possible decryption of your data.

The MotoxLocker ransomware is highly likely to erase all Shadow Volume Copies from the Windows Operating System. Continue to read and see how you can try to decrypt some if not all of your files and turn them back to normal.

Remove MotoxLocker Virus and Restore Your Files

If your computer got infected with the MotoxLocker ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. You should remove the ransomware by following the step-by-step instructions given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by MotoxLocker.

To remove MotoxLocker follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove MotoxLocker files and objects
2. Find files created by MotoxLocker on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by MotoxLocker

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
