The activity of the threat actors behind the STOP Ransomware project is not dying down, and they continue to release countless of new variants that are being spread via various means. The purpose of the Mtogas Ransomware, one of the recent STOP Ransomware variants, is to encrypt the majority of the victim’s files, and then extort them by offering to supply them with a data decryption solution.
The removal of the Mtogas Ransomware is a simple task, but doing it once the ransomware has done its job will not change much – the damage done to the file system will persist even if the source of the issue is removed. Unfortunately, the only way to undo the damage done by the Mtogas Ransomware is to run a decryption tool and configure it to use the unique decryption key that was generated during the attack. Unfortunately, that key piece of information is stored on the server of the attackers, and they are only willing to exchange it for money.
The Mtogas Ransomware’s Authors Want a Hefty Payment for a Decryptor
The Mtogas Ransomware marks the files of the victim by adding the ‘.mtogas’ extension to their name – files that were not encrypted will not be affected by this modification. Furthermore, victims of the Mtogas Ransomware also will notice the file ‘_readme.txt,’ which also is the product of the ransomware attack – it contains instructions on how to contact the perpetrators ([email protected] and [email protected]) and an offer to purchase a decryptor. The con artists want to be paid in Bitcoin, so they also offer instructions on how to exchange money for Bitcoin.
We advise you to stay away from the attackers’ offer since paying them is not a good idea – you may get tricked, and you will not be able to take your money back. Instead, you should use an anti-virus tool to eliminate the harmful application, and then look into data recovery options that do not involve co-operating with cybercriminals.