Moba Ransomware

Did your files receive the .moba extension? If they did, your system might be infected with a malicious application called Moba Ransomware. In which case, the files with the mentioned extension should be encrypted with a strong encryption algorithm, and you should be unable to open them. File encryption is a reversible process, but it can only be undone with unique decryption tools. Unfortunately, the malware’s creators might ask to pay ransom to receive such tools, and no one else besides them might be able to provide the needed decryption means. Nevertheless, we do not advise paying the ransom or putting up with their other demands. As you see, there is a risk that they might not hold on to their end of the bargain. In which case, you would lose not just your files. We invite you to read the rest of this article to learn more about the malicious application. If you wish to delete Moba Ransomware, we recommend checking the deletion steps placed below this article.

As usual, we wish to start with where Moba Ransomware might come from. Our specialists believe that the malicious application could be spread through malicious file-sharing websites, spam emails, and fake pop-ups or ads. Also, it is likely that the malware might find a way in by exploiting vulnerabilities like weak passwords, unsecured RDP (Remote Desktop Protocol) connections, and unpatched or outdated software. Thus, what do you need to do to avoid such threats? Experts advise removing the mentioned weaknesses, securing the system with a reputable antimalware tool, and, of course, avoiding opening files and links when users are not one hundred percent sure that they are harmless. If you want to be sure that files are not malicious, make sure that they come from legit and reliable sources and scan them with a reputable antimalware tool. To identify malicious links, users should carefully check their full URL addresses and look for random parts or any details that might suggest that the link could be suspicious.

If Moba Ransomware gets in, the malware might create copies of its launcher and some other data that would allow it to function fully and stay on the system. Afterward, the malicious application should start encrypting pictures, different types of documents, and other data that could be valuable to a victim. Such files ought to receive the earlier mentioned .moba extension, while the data belonging to the operating system or other software should be left alone. By the time Moba Ransomware finishes encrypting its targeted files, it should create a ransom note called _readme.txt. If you open this document, you should see a message saying that you can get your files decrypted if you acquire decryption tools from the malware creators. The note should state that the price is 980 US dollars, but you can get the needed decryption tools with a 50 percent discount if you get in touch with the hackers within 72 hours after your device gets infected. Needless to say, there are no guarantees that you will get the promised decryption tools if you pay the ransom. Hackers are not trustworthy people, and it is known that some victims of ransomware infections get tricked in such cases.

Therefore, if you do not want to risk losing your money for some tools that you might never receive, we advise not to pay the ransom. Another thing that we highly recommend is deleting Moba Ransomware from your system. Leaving it on the device could be a mistake since the malicious application might be able to restart with the operating system, and if it does, it could encrypt new files that you could create or receive since the last encryption process. If you want to try to remove Moba Ransomware manually, you could use the instructions placed below this paragraph. However, keep in mind that it might be safer and easier to erase Moba Ransomware with a reliable antimalware tool.

Restart the computer in Safe Mode

Windows 8/Windows 10

1. Press Win+I for Windows 8 or open Start menu for Windows 10.
2. Click the Power button.
3. Tap and hold Shift, then click Restart.
4. Pick Troubleshoot and choose Advanced Options.
5. Go to Startup Settings and click Restart.
6. Click F5 to restart the PC.

Windows XP/Windows Vista/Windows 7

1. Go to Start, select Shutdown options, and pick Restart.
2. Click and hold F8 when the PC starts restarting.
3. Select Safe Mode with Networking.
4. Press Enter and log on.

Erase Moba Ransomware

1. Press Win+E.
2. Check these locations:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Look for the threat’s installer, e.g., updatewin.exe; then right-click it and press Delete.
4. Then locate these paths:
   %USERPROFILE%\Local Settings\Application Data
   %LOCALAPPDATA%
5. Find the threat’s created directories with random names that should contain copies of the malware’s launcher (e.g., 2a9ea166-82c4-499d-9f16-9e28ac1b8ef4), right-click them, and press Delete.
6. Recheck these paths:
   %LOCALAPPDATA%
   %USERPROFILE%\Local Settings\Application Data
7. Locate files called script.ps1 or similarly, right-click them and press Delete.
8. Find this path: %WINDIR%\System32\Tasks
9. Look for a file called Time Trigger Task or similarly, right-click it and choose Delete.
10. Exit File Explorer.
11. Press Win+R.
12. Type Regedit and press Enter.
13. Go to this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
14. Find a malicious value name, right-click it, and press Delete.
15. Exit Registry Editor.
16. Empty Recycle bin.
17. Restart the system.