Moka Ransomware

What is Moka Ransomware?

If you follow the instructions presented by the attackers behind Moka Ransomware, you will contact these attackers via email, and then you will pay money to obtain a decryptor. Although these instructions may seem pretty simple, you do not want to follow them. If you do, your money will be lost, but a decryptor is unlikely to be sent to you in return. Furthermore, by exposing yourself to attackers via email, you might open a backdoor for other scams in the future. Note that infections like this ransomware are often spread using clever spam emails with harmless-looking file attachments. This is why you need to protect your email account, and you want to remove all suspicious messages that you might receive from unknown senders. You must not forget to take care of your virtual security after you delete Moka Ransomware, but, of course, we need to figure out how to eliminate this threat first.

How does Moka Ransomware work?

Once the malicious Moka Ransomware enters your operating system, it strikes your personal files right away. According to researchers at Anti-Spyware-101.com, the “.moka” extension is appended to all of the original names of the corrupted files. Of course, you cannot understand what has happened once the name of the file is changed without your notice and when once you realize that the file cannot be read. That is why the “_readme.txt” file is created. This is a simple text file that the attackers have created to deliver their message, according to which, you need to pay money to get your files decrypted. The so-called decrypt tool costs $490 within the first three days, and then the ransom is supposed to increase to $980. The ransom note also includes a link to a video on wetransfer.com that, supposedly, shows how the decryption tool works. At the time of research, the video was already deleted. While the ransom note makes it pretty clear what is expected from the victims, some important details are missing, and that is when the gorentos@bitmessage.ch and gerentoshelp@firemail.cc email addresses are introduced. As we have already mentioned, sending a message is risky.

Luckily, nowadays, many of us use external drivers and cloud storage systems to keep copies of our personal files safe and easily accessible. Do you have backups of your photos, documents, and other sensitive files as well? If you do, you are safe. All you have to do is remove Moka Ransomware, restore Windows protection, delete the original corrupted files, and, if needed, transfer the backups onto the computer. This is an easy way out. If backups are non-existent, you are in trouble. Right now, legitimate decryptors do not work with this malware, and you are unlikely to obtain the decryptor offered by the attackers. Sadly, there is a good chance that your files are lost for good. To ensure that the files you create in the future are safe, always create backups. Note that some file-encryptors can easily destroy internal backups, and so it is best not to backup files on the same system that the original files are stored on.

How to delete Moka Ransomware

Just like Nesa Ransomware, Zatrov Ransomware, Vesrato Ransomware, and many other infections from the STOP Ransomware family, Moka Ransomware is a serious threat, and even if it has destroyed all of your files, you need to delete it as quickly as possible. The sooner you clear your system, the sooner you can restore full protection and, hopefully, go back to normal day-to-day activities. Our research team has created instructions that show how to remove Moka Ransomware components manually. Can we be sure that every victim will be able to clear the system manually? Of course, we cannot, but that is an option. Another option is to install legitimate and efficient anti-malware software. This is the option we stand behind because once this software is installed, you will not need to worry about the removal of malware or the restoration of Windows security. If there is anything else you would like to discuss with our research team, please post a comment below.

Removal Instructions

1. If you can identify the launcher of the infection, Delete it ASAP.
2. Simultaneously tap Win and E keys to access Windows Explorer.
3. Enter %HOMEDRIVE% into the bar at the top.
4. Delete the file named _readme.txt and the folder named PersonalID.txt.
5. Move to %LOCALAPPDATA%.
6. Delete the ransomware folder (long random name made up of letters and numbers).
7. Empty Recycle Bin and then immediately scan your system to check for leftovers. Download Removal Tool100% FREE spyware scan and
   tested removal of Moka Ransomware*