Maoloa ransomware is usually reported as a member of the GlobeImposter ransomware family, but that attribution has not been confirmed. A closer look at the malware suggests it is instead a variant of the Russian Scarab ransomware.
The group first appeared in 2019, offering its malware on Dark Web forums. This indicates that it operates on the Ransomware as a Service (RaaS) model, in which the developers lease the malware to affiliates who carry out the actual attacks.
Several attacks by the group are on record, and it has widened its scope of action so that both individuals and companies are now targets.
The group was behind an attack on a Romanian hospital in 2019. Its main distribution method is spam email campaigns; the emails carry an executable file as an attachment, and once the recipient downloads and runs that file, the ransomware is installed.
Once installed, the ransomware immediately begins enumerating the files it will encrypt. Encrypted files receive the .maoloa extension, although variants exist that append the .shelbyboom extension instead.
When encryption finishes, a file named "HOW BACK YOUR FILES.txt" is dropped, setting out the terms of the ransom payment demanded to recover the files. The decryption key is held by the group on a remote server.
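The indicators above (the two appended extensions and the ransom note filename) are enough for a first triage pass over an affected share or disk image. The following is an added example written for this page, not code from the original article or from Digital Recovery: a read-only Python scan that walks a directory tree, counts encrypted files per extension, locates ransom note copies, lists the directories hit, and derives each file's pre-encryption name by stripping the appended extension. The sample tree it builds is constructed data for a self-contained run; the extension list and note name are taken from the text above and nothing else is assumed about the malware.

```python
"""Read-only triage scan for the Maoloa file-system indicators described above.

Walks a directory tree (a mounted share or an image of the affected host) and
reports encrypted files by extension (.maoloa / .shelbyboom), copies of the
ransom note "HOW BACK YOUR FILES.txt", and the directories that contain either,
so the blast radius can be scoped before any recovery work starts.
The sample tree is constructed here for a self-contained run; nothing is
written outside the temporary directory and no scanned file is modified.
"""
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

# Indicators taken from the article: appended extensions and ransom note filename.
ENCRYPTED_EXTENSIONS = {".maoloa", ".shelbyboom"}
RANSOM_NOTE_NAME = "HOW BACK YOUR FILES.txt"


@dataclass
class ScanResult:
    encrypted_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    extension_counts: Counter = field(default_factory=Counter)
    affected_dirs: set = field(default_factory=set)

    @property
    def infected(self) -> bool:
        return bool(self.encrypted_files or self.ransom_notes)


def scan_for_maoloa_iocs(root: str) -> ScanResult:
    """Walk `root` without following symlinks and collect the indicators."""
    result = ScanResult()
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == RANSOM_NOTE_NAME.lower():
                result.ransom_notes.append(full)
                result.affected_dirs.add(dirpath)
            elif ext in ENCRYPTED_EXTENSIONS:
                result.encrypted_files.append(full)
                result.extension_counts[ext] += 1
                result.affected_dirs.add(dirpath)
    return result


def original_name(encrypted_path: str) -> str:
    """Strip the appended ransomware extension to get the pre-encryption name.

    The extension is appended to the full original name, so
    'report.docx.maoloa' -> 'report.docx'. Paths without a known
    ransomware extension are returned unchanged."""
    base, ext = os.path.splitext(encrypted_path)
    return base if ext.lower() in ENCRYPTED_EXTENSIONS else encrypted_path


def build_sample_tree() -> str:
    """Constructed sample data: two hit directories, one clean directory."""
    root = tempfile.mkdtemp(prefix="maoloa_demo_")
    sample_files = {
        "docs/report.docx.maoloa": b"\x00" * 16,
        "docs/HOW BACK YOUR FILES.txt": b"constructed ransom note placeholder",
        "finance/ledger.xlsx.shelbyboom": b"\x00" * 16,
        "finance/HOW BACK YOUR FILES.txt": b"constructed ransom note placeholder",
        "photos/cat.jpg": b"\xff\xd8\xff",
    }
    for rel, content in sample_files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    res = scan_for_maoloa_iocs(root)
    print("infected:", res.infected)
    print("encrypted files:", len(res.encrypted_files), dict(res.extension_counts))
    print("ransom notes:", len(res.ransom_notes))
    for d in sorted(res.affected_dirs):
        print("affected dir:", os.path.relpath(d, root))
    for f in res.encrypted_files:
        print("restore target:", os.path.relpath(original_name(f), root))
```

Run it from a clean analysis host against a mounted copy or forensic image, never on the infected machine while the ransomware may still be running. The scan only matches the two extensions and the note name reported here, so a variant that changes either will be missed; it also decrypts nothing and should be treated as a scoping tool that tells you which directories and file sets a recovery effort has to cover.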
Paying the ransom is not recommended under any circumstances. Today there are alternatives to payment, such as recovery of the encrypted data by specialized companies like Digital Recovery.
Digital Recovery specializes in recovering files encrypted by ransomware from any storage device, including HDDs, SSDs, databases, servers, storage systems (NAS, DAS and SAN), RAID arrays of any level, among others.
We have developed proprietary solutions that enable us to recover files regardless of the ransomware extension. We take on cases of high complexity, and all our processes were developed in line with the General Data Protection Regulation (GDPR).
All our processes are strictly confidential, which we guarantee through a non-disclosure agreement (NDA).
We can recover data remotely, and this service is available in any country in the world. We also offer an emergency recovery mode in which our laboratories operate with 24/7 availability.
Contact us and start advanced diagnostics now.