MOTD Ransomware Complete Removal Guide and Detailed Description

The MOTD Ransomware is a typical RSA-encrypting malware which you can easily deal with by following our in-depth removal guide.

MOTD Ransomware Description

Experts discovered a new virus threat known as the MOTD ransomware which has been created by an unknown hacker. The initial security analysis does not show any correlation between it and any of the famous malware families.

It's interesting to note that its encryption engine uses the RSA cipher instead of AES. This probably means that the hacker(s) behind the virus designed it in a slightly different manner than other similar threats. While the security analysis does not reveal any additional features, we might see evolved versions of it with capabilities that can be utilized in attacks. Examples include the following:

  • Remote Access – The criminal operators can institute a remote access Trojan which can be used to actively spy on the user's activity.
  • Additional Payload Delivery – The MOTD ransomware can be used to deliver additional malware to the infected computer.
  • Information Harvesting – Modules such as file stealing and browser data extraction can be built into evolved versions of the MOTD ransomware.

The name of the virus seems to come from the acronym MOTD – Message Of The Day which is a well-known feature in many operating systems and network services.

Upon infection it starts its encryption engine, which targets sensitive user data. At the moment we do not have the full list of affected file type extensions; however, we presume that the engine targets the most widely used file types: documents, photos, videos, archives, music, etc. All of the affected data receive the .enc extension.

A ransomware note is crafted in a motd.txt file:

!WARNING!
YOU ARE INFECTED
WITH THE MOST CRYPTOGRAPHIC ADVANCED RANSOMWARE
All your data of all your users, all your databases and all your Websites are encrypted
Send your UID to e-mail: [email protected]
YOUR UUID IS: 28***
!WARNING!

Like other threats the virus engine assigns a unique ID to each infected computer.
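
The two indicators described above (a motd.txt note with the quoted phrases, and files carrying the .enc extension) can be checked read-only across a server or user directory. The following triage script is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration, and matching on the file name ending in .enc is an assumption, since the page does not say whether the extension is appended or replaces the original one.

```python
import os
import tempfile
from pathlib import Path

# Phrases and names taken from the ransom note and description on this page.
NOTE_NAME = "motd.txt"
NOTE_MARKERS = ("you are infected", "send your uid to e-mail", "your uuid is")
ENC_SUFFIX = ".enc"

def is_ransom_note(path, min_hits=2):
    """True if the file holds at least min_hits of the note phrases.
    Content is checked because motd.txt is also a legitimate file name."""
    try:
        with open(path, errors="replace") as fh:
            text = fh.read(4096).lower()
    except OSError:
        return False
    return sum(marker in text for marker in NOTE_MARKERS) >= min_hits

def triage(root):
    """Walk root read-only; report matching notes and .enc files relative to root."""
    notes, enc_files = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath, name)
            rel = full.relative_to(root).as_posix()
            if name.lower() == NOTE_NAME and is_ransom_note(full):
                notes.append(rel)
            elif name.lower().endswith(ENC_SUFFIX):
                enc_files.append(rel)
    # .enc alone is weak evidence (other tools use it); a matching note confirms.
    return {"notes": sorted(notes), "enc_files": sorted(enc_files),
            "confirmed": bool(notes)}

def demo():
    """Run triage over a constructed sample tree (not data from a real infection)."""
    with tempfile.TemporaryDirectory() as root:
        site = Path(root, "wordpress", "wp-content")
        site.mkdir(parents=True)
        Path(root, "etc").mkdir()
        (site / "motd.txt").write_text("!WARNING!\nYOU ARE INFECTED\nYOUR UUID IS: 0000\n")
        Path(root, "etc", "motd.txt").write_text("Welcome. Maintenance on Friday.\n")
        (site / "index.php.enc").write_bytes(b"\x00" * 16)  # constructed placeholder
        (site / "style.css").write_text("body{}")
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Run triage() against a web root or user profile to get a list of affected paths before restoring from backup; it never modifies or deletes files.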

MOTD Ransomware Distribution

The virus has been found to infect web servers as well as individual users. Some of the known infections were made through vulnerable plugins for the popular content management system WordPress.

It seems that the primary infection routes of the MOTD ransomware are automated vulnerability testing frameworks (exploit kits) or direct hacker intrusion attempts.

The virus can also be spread using some of the well-known typical infection routes which include the following:

  • Download Sites, Portals & P2P Networks – Computer criminals frequently use hacker-controlled or compromised sites and portals to distribute the virus strains. As P2P networks are one of the primary download sources for a variety of content, the MOTD Ransomware can also be found posing as legitimate software on BitTorrent trackers.
  • Email Spam – Hackers utilize email messages which contain the virus as an attachment or link to infected files in the body of the message. There are different configurations; however, one of the most popular ones employs infected Office documents that pose as being sent by a legitimate company or institution.
  • Infected Software – The virus can be found in bundled software installers that pose as popular freeware and trial versions of well-known games, applications, utilities and patches.
  • Malicious Scripts & Browser Hijackers – Browser hijackers and hacker-operated scripts and ad networks can lead to dangerous redirects or the direct download and execution of the virus binary.

Summary of the MOTD Ransomware


Name: MOTD Ransomware

File Extensions: .enc

Ransom: Varies

Easy Solution: You can skip all steps and remove the MOTD ransomware with the help of an anti-malware tool.

Manual Solution: The MOTD ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution: Spam email campaigns, malicious ads, etc.

MOTD Ransomware Removal

STEP I: Start the PC in Safe Mode with Networking
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box will appear. In it, choose the tab named “Boot”
    4) Mark the “Safe Boot” option and then tick “Network” under it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking”

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on the “Organize” button
      – Select “Folder and search options”
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark the “Show hidden files and folders” option

    3) Windows 8/10

      – Open “View” tab
      – Mark “Hidden items” option

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Go to the “Processes” tab
    3) When you find a suspicious process, right click on it and select “Open File Location”
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
    5) Next, go to the folder where the malicious file is located and delete it

STEP IV: Completely Remove the MOTD Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of the MOTD ransomware requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete the MOTD ransomware with the SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Press the Windows Button + R key combination again
    2) In the box, write “regedit” (without the inverted commas) and hit Enter
    3) Press CTRL+F and then write the malicious name in the search field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover MOTD Files

How To Restore MOTD Files

    1) Use present backups
    2) Use professional data recovery software

      Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
    3) Use a System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps


    4) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History”
      – Choose a folder or type the name of the file in the search bar

      – Hit the “Restore” button

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

