Ransomware Maoloa

The Maoloa ransomware apparently appears to be a member of the GlobeImposter ransomware family. But it is not confirmed whether Maoloa is in fact part of the GlobeImposter family. But in a deeper look at the malware, it appears to be a variation of the Russian Scarab ransomware.

The first appearance of the group was in 2019, the group was offering its malware on forums on the Dark Web, this shows that apparently the group acts with the RaaS (Ransomware a as Service) tactic which is outsourcing attacks.

There are records of several attacks done by the group, the group has chosen to amplify their field of action, making people and companies become their targets.

The group authored an attack on a Romanian hospital in 2019. The group primarily uses spam email campaigns. These emails contain an executable file attached to it. After the file is downloaded, the ransomware is installed.

After installation, the ransomware immediately starts mapping the files that will be encrypted. The .maoloa extension is added to the affected files, but there are variations that add the .shelbyboom extension.

After the ransomware finishes the encryption a file with the name “HOW BACK YOUR FILES.txt” is generated in it and left with the terms for paying the ransom to get the files back. The group keeps the decryption key on a remote server.

Payment of the ransom is not recommended under any circumstances, today, there are options to payment such as recovery of encrypted data, done by specialized companies like Digital Recovery.

Recover Files Encrypted by Maoloa Ransomware

Digital Recovery specializes in the recovery of files encrypted by ransomware on any storage device, such as: HDDs, SSDs, Databases, Servers, Storages (NAS, DAS and SAN), RAID systems of any level, among others.

We have developed exclusive solutions, which enable us to recover any ransomware extension.

All our processes are highly confidential; we guarantee this through the confidentiality agreement (NDA).

We can recover data remotely; this solution is available for any country in the world. We also have an emergency recovery mode, in which our labs operate with 24/7 availability.

Contact us and start advanced diagnostics now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.