Looking for a Solution against "MOQS" malware

Discussion in 'Lounge' started by Olymoon, Jul 29, 2021.

  1. Olymoon

    Olymoon Moderator

    Joined:
    Jan 31, 2012
    Messages:
    5,811
    Likes Received:
    4,465
    No, he told me that he got it when he received an email, perfectly imitating his phone company email, with an "invoice" attached ... you know the rest. :sad:
     
  2. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    592
    But this would mean he doesn't use any antivirus software, doesn't he?
     
  3. onemanorgy

    onemanorgy Member

    Joined:
    Jul 7, 2021
    Messages:
    51
    Likes Received:
    7
    Eset has kept me pretty safe, catching viruses that duplicate from a partially downloaded torrent right away. To save money you can just sign out and use a different email with Gmail and extend the 30 days, and you get full coverage and help from the forum helpers if you need it.
    But system restoring Eset as the main malware watchdog is a bitch.

    What I suggest you do is either pay, or work your way into a private tracker group to "somewhat" ensure you've got clean pirated torrents. I'm not a fan of AudioNews making you pay in order to lift your download limit. Good luck friend.
     
  4. BigM

    BigM Guest

    Good point,

    After clicking on some suspicious link or an exe,
    a virus can't encrypt your whole HDD in a second. It's impossible and sometimes takes more than an hour to complete the encryption, depending on your used storage capacity.

    Some say the process appears as a false Windows update pop-up, but you can identify it easily: those kinds of encryption processes are very resource heavy and can slow down your computer. By opening Task Manager you can find the processes that run in real time. An unknown process that consumes heavy CPU or disk usage is suspicious in that situation.

    To stop the process immediately you can terminate it in Task Manager. If it doesn't work, just power off the PC immediately. It will save a lot.
     
  5. BigM

    BigM Guest

    Absolutely that's why he got infected. And that's why using an antivirus is important nowadays.

    You can do nothing to block that link or identify it before getting infected, because those hackers use DNS redirecting to imitate legit domain names.
     
  6. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    6,110
    Likes Received:
    2,599
    Heuristic evasion techniques allow "known" virii to bypass AV detection all the time.

    An AV Scanner program is NOT a panacea, and is certainly no replacement for "common sense".
     
  7. BigM

    BigM Guest

    But doing something is better than nothing, right?

    BTW I'm not promoting any AV software, but they really offer some kind of protection against common threats (including k'd software :bleh:).

    Not every man is computer savvy, so they also need some assistance.
     
  8. Ŧยχøя

    Ŧยχøя Audiosexual

    Joined:
    Dec 15, 2020
    Messages:
    1,098
    Likes Received:
    765
    Location:
    Neverland
  9. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    592
    You have to look for the name of the trojan family. In the case of MOQS it's STOP/DJVU, and the site you linked to has the Emsisoft Decryptor. But as mentioned a lot of times... this only works when the files were encrypted with an offline key, and also only if they have the key included in their database.
     
  10. GabsIT

    GabsIT Producer

    Joined:
    Oct 29, 2020
    Messages:
    204
    Likes Received:
    133
    Location:
    Asia
    150 KB of each file. This is enough to corrupt files yet keep the whole attack process short. However, this encryption method also allows victims to repair certain data formats with some data loss at the beginning of the file.

    What I was thinking is that files of a few KB could be used to find the key and/or encryption method, inclusive if it is specifically unique, using some sort of brute force over the small files, just as in the Cold War a system could run different iterations, matching expected contents such as vowels in plain text, XML tags, file headers, numbers, IPs, emails or URL addresses, etc. The smaller the files the better, as the number of iterations is smaller, for example 64 bytes; also this could be a task for a specific AI / machine learning sort of task. Military grade is just jargon for encryption higher than what is done with SHA256; inclusive Sandia corporation has been hacked, nuclear research and any kind of warfare technology breached. My point is that military grade is also more fiction that you can find in movies than a reality. This reminded me of a joke about the US.
    I never use antivirus, while I use a very strict and complex firewall setting that checks or uploads files to VirusTotal. I also use other stuff if I was going to try a crack or keygen, such as shadow copies, sandboxes, VMs or inclusive a dummy secondary OS; it depends. The last thing I was doing was changing the exe or msi of dubious files to rar and then opening them with 7zip, especially the big ones; in that way I found inclusive virtual machines (QEMU) disguised as .NET or C++ libraries, and Russian or Chinese emails or IP addresses. I am pretty biased with both countries; sometimes I block both countries by default. Many datacenters are hacker friendly and never answer any complaint; also Amazon and OVH are full of nasty stuff, bots, etc.

    Anyway, as others point out, always backup; it doesn't matter how pro you or your software are, you will eventually get hacked, your disks will fail and you will die too lol. Always have backups.
     
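The post above notes that this family only encrypts roughly the first 150 KB of each file, which leaves the rest intact. As an added example (not code from this thread, from Emsisoft, or from the decryptor), here is a triage check a defender can run over recovered files: it compares the entropy of the first 150 KB with the entropy of the remainder to tell partially encrypted files from clean or fully encrypted ones, and reports how many bytes survive. The 7.5 bits/byte threshold and the 64 KB tail sample are my assumptions, and the sample documents are constructed.

```python
import math
import os
from collections import Counter

# STOP/Djvu-style ransomware (the MOQS variant in this thread) is reported to
# encrypt only about the first 150 KB of each file, so a partially encrypted
# file has a random-looking head and a low-entropy, still-readable tail.
HEAD_LEN = 150 * 1024
ENCRYPTED_ENTROPY = 7.5   # bits/byte; assumption: ciphertext looks random
TAIL_SAMPLE = 64 * 1024   # assumption: bytes of the tail we inspect


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, head_len: int = HEAD_LEN) -> str:
    """Return 'clean', 'partially-encrypted' or 'fully-encrypted'.

    Heuristic only: compressed media (mp3, zip, jpeg) is high-entropy
    everywhere and will show as 'fully-encrypted'; confirm with the
    appended ransomware extension and a ransom note before concluding.
    """
    head_enc = shannon_entropy(data[:head_len]) >= ENCRYPTED_ENTROPY
    if len(data) <= head_len:                       # file fits in the head
        return "fully-encrypted" if head_enc else "clean"
    tail = data[head_len:head_len + TAIL_SAMPLE]
    tail_enc = shannon_entropy(tail) >= ENCRYPTED_ENTROPY
    if head_enc and not tail_enc:
        return "partially-encrypted"
    return "fully-encrypted" if head_enc else "clean"


def salvage_tail(data: bytes, head_len: int = HEAD_LEN) -> bytes:
    """The unencrypted remainder, which a format-aware repair tool can reuse."""
    return data[head_len:]


# Constructed samples, not real victim files: a text-like project document,
# and the same document with its first 150 KB replaced by random bytes.
CLEAN_DOC = b"<project><track name='lead'>" + b"0.125," * 60000 + b"</track></project>"
PARTIAL_DOC = os.urandom(HEAD_LEN) + CLEAN_DOC[HEAD_LEN:]

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_DOC), ("partial", PARTIAL_DOC)):
        print(name, classify(blob), len(salvage_tail(blob)), "bytes intact")
```

Run it over a directory of suspect files (read each one with `open(path, "rb").read()`) to list which ones are candidates for the partial-repair approach mentioned above.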