I wrote this article to help you remove MOTD Ransomware. This MOTD Ransomware removal guide works for all Windows versions.
MOTD ransomware is a win-locker virus which targets both files and web browsers. As the ransom note states, the malevolent program has encrypted the files from all user accounts on your computer, the databases, and websites. You will not be able to open your documents, archives, images, videos, audio files, databases, and programs. MOTD ransomware will not allow you to surf the web, either. The clandestine program imposes a complete lockdown on the system, holding it hostage until the victim meets the demands of the attackers.
Like most win-lockers, MOTD ransomware conducts the encryption in the background. The furtive program works quickly, which makes it nearly impossible for the victim to react. Before you know it, your computer will have been rendered inaccessible. MOTD ransomware adds the .enc suffix to the names of the affected files. This suffix stands for “encrypted”. After completing the process of locking your personal files and your browser, the covert program will rear its ugly head. The virus comes out into the light only after it has inflicted irreversible damage to the targeted device.
MOTD ransomware announces its presence through a ransom note. Upon completing the encryption, the win-locker drops the notification on the desktop. The file is titled motd.txt. The hackers explain what they have done and for what purpose. The ultimate goal is to have the victim pay a certain sum. The fraud artists use scare tactics to pressure users into paying the ransom. They imply that the only way to solve the issue is by cooperating. The note states that MOTD ransomware has used advanced cryptography to perform the encryption. Of course, the goal is to convince people that they have no other alternative if they want to get their data back.
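A read-only triage script for the two indicators described above (the .enc suffix and the motd.txt note), added here as an example and not taken from the original article or any vendor tool. The function names and the 7.0 bits-per-byte entropy threshold are assumptions; the entropy check goes beyond the article and only separates ciphertext-like files from unrelated files that happen to end in .enc.

```python
import json
import math
import os
import sys
from collections import Counter
from pathlib import Path

ENC_SUFFIX = ".enc"     # suffix the article says MOTD appends
NOTE_NAME = "motd.txt"  # ransom note file name given in the article
ENTROPY_MIN = 7.0       # assumed threshold; encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root, sample_bytes=65536):
    """Walk root without modifying it; list notes and .enc files by entropy."""
    report = {"notes": [], "likely_encrypted": [], "low_entropy_enc": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME:
                report["notes"].append(str(path))
                continue
            if not name.lower().endswith(ENC_SUFFIX):
                continue
            try:
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(sample_bytes))
            except OSError:
                continue  # locked or unreadable file: skip it
            entry = {"file": str(path),
                     "original_name": name[:-len(ENC_SUFFIX)],  # name to look for in backups
                     "entropy": round(entropy, 2)}
            key = "likely_encrypted" if entropy >= ENTROPY_MIN else "low_entropy_enc"
            report[key].append(entry)
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(triage(target), indent=2))
```

The `original_name` values are the file names to look for when restoring from shadow copies or file recovery software.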
Security experts have examined the malicious program to find out what it is that makes it tick. Their analysis has led to the discovery that MOTD ransomware deploys a combination of RSA and AES ciphers. This particular combination is a common choice for ransomware developers and for a good reason. These two algorithms are regarded as the most advanced. History has shown that the coding scheme they create is hard to crack. Despite this fact, we do not advise users to pay cyber criminals. Agreeing to collaborate holds a big risk. The hackers may not complete their end of the deal. If this happens, you will end up losing even more than you originally did.
The payment method is secure for the thieves. They require victims to pay a sum of 2 bitcoins. This converts to $2178.94 USD, according to the current exchange rate. The bitcoin cryptocurrency is an alternative monetary unit which has been growing in popularity because of its convenience and high level of security. Bitcoin stores do not require users to provide personal details. Furthermore, they do not support tracking. The transfer to a bank account is impossible to trace, even by the owners of the platform. The concept behind cryptocurrencies is to provide a secure method for transferring money online. This protection has been misused by cyber criminals who take advantage of it to protect their identity.
The only piece of information the owners of MOTD ransomware have disclosed is an email address. They use the following account for correspondence: sook2serit@seznam.cz. We can assume that the hackers are from the Czech Republic, judging by the email provider. The insidious program generates a unique 7-character UID (user ID) for every infected machine. The developers of MOTD ransomware require victims to send them the UID by email. The message is sent as a request to receive payment instructions. The ransom note does not list the bitcoin wallet address of the cyber crooks or state the amount of the ransom.
Our advice is not to comply. Even if the hackers provide the decryption key, they could have MOTD ransomware conduct a second attack. Performing a decryption and uninstalling the program are two different processes. Furthermore, we urge you to be careful when surfing the web. Infections lurk in every corner. MOTD ransomware, in particular, uses spam emails to penetrate users’ computers. The secluded program hides behind attachments, listed as important documentation. The spammer behind the fake letter can try to convince you that the message is legitimate in many ways. He can write on behalf of a reputable entity, copy the organization’s logo and contacts, and use a template to make it seem genuine. The best indication for the reliability of an electronic message is the email address.
MOTD Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, MOTD Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select the C: drive on the left panel
- Choose a date at least a month ago from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next”
- Choose a restore point from at least a month ago
- Click “Next”
- Choose Disk C: (should be selected by default)
- Click “Next”. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover encrypted files by using file recovery software. Since MOTD Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs: