How to delete Maas ransomware


Maas ransomware is yet another file-encrypting malware from the Djvu ransomware family. It adds the .maas file extension to encrypted files.

 

Maas ransomware is part of the same ransomware family behind Oonn, Nile, Kook, Kuus, and hundreds more file-encrypting malware variants. It is a very serious infection because it encrypts files, and their recovery is not guaranteed. It adds the .maas extension to encrypted files (e.g. image.jpg.maas), and users will not be able to open these files. Once files are encrypted, it drops a ransom note, _readme.txt, which explains that victims need to pay $980, or $490 if contact is made within 72 hours, to get the decryption tool.

Victims are usually advised against paying the ransom because decryption tools are not always sent in exchange. And if they are, they don’t always work as they should, leaving users with encrypted files and wasted money. The only certain way to recover files is via backup, if it was made prior to the ransomware infection. Once users delete Maas ransomware, they can start recovering files. It’s important that the ransomware is not present when backup is connected/accessed because otherwise, backed up files may become encrypted as well.

Many versions of Djvu ransomware are decryptable with a free tool released by Emsisoft but it’s mostly for older versions. However, it’s worth a try for users who are out of options.

How does ransomware spread

Most ransomware uses more or less the same distribution methods, primarily spam emails, fake updates, torrents and system vulnerabilities. If users develop good browsing habits, they should be able to avoid the majority of ransomware infections.

Spam email is a favored method among ransomware operators because it’s relatively low-effort and cheap. Cyber crooks purchase thousands of email addresses stolen/leaked in data breaches, and send malicious emails to them in hopes that users will open the attachments and launch the ransomware. The emails carrying malware are disguised to appear somewhat legitimate, though more cautious users will usually notice that they could be malicious. For example, the emails, despite aiming to appear like official correspondence, have many spelling and grammar mistakes. Or the sender may claim to be from a known company or organization while using a nonsense email address. These seemingly minor things are usually a good indication that an email may be malicious. And as a precaution, we recommend scanning unsolicited email attachments with anti-malware software or VirusTotal before opening them.

Ransomware can also be encountered on torrent sites. Many torrent sites are largely unregulated, meaning anyone can upload anything. If users insist on pirating content via torrents, they should at least take the necessary precautions to not download malware accidentally.

Installing updates is also very important as they patch known vulnerabilities that malware can use to enter a system. Enabling automatic updates whenever possible is recommended.

What does the ransomware do?

If the ransomware manages to get in, users can expect their photos, videos, documents, etc., to be encrypted. All encrypted files will have the .maas file extension, which is why this is known as Maas ransomware. Once this happens, users will be unable to open the files until they are decrypted with a specific decryption tool, which will be offered to users by the operators of this ransomware. The ransom note _readme.txt, dropped once the encryption process is finished, will explain that the only way to recover files is to buy their decryption tool for $980, or $490 if contact is made within 72 hours. Unfortunately, that statement is not wrong. While a free decryption tool for many Djvu versions is available, it will not necessarily decrypt Maas ransomware files.

Nevertheless, paying the ransom is not a good idea. Victims should keep in mind that they are dealing with cyber criminals who may not necessarily feel obligated to send a decryptor once they receive the money. Users receiving nothing, or getting a broken tool, has happened numerous times in the past. Furthermore, by paying the ransom, users are making ransomware a profitable business, encouraging cyber crooks to continue.

Below is the full ransom note:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-Oc0xgfzC7q
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpmanager@firemail.cc

Reserve e-mail address to contact us:
helpmanager@iran.ir

Your personal ID:

Ransomware is one of the reasons why it’s important to have backup. All important files should be backed up on a regular basis to prevent loss in case of infection or other situations.

Maas ransomware removal

It is necessary to use anti-malware software to remove Maas ransomware because this is a complex infection. Users should not try to manually uninstall Maas ransomware as that could bring further issues. Once the ransomware is no longer present, users can start file recovery from backup.
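Before restoring from backup, it helps to know which files were hit. The following Python script is an added example, not part of the original article: it walks a folder, lists files carrying the .maas extension and any _readme.txt notes described above, and produces the list of original file names to pull from a clean backup. The function names and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".maas"   # extension the article says is appended
NOTE_NAME = "_readme.txt"    # ransom note file name given in the article


def scan_tree(root):
    """Walk root and report encrypted files, ransom notes and original types."""
    encrypted, notes, original_types = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # image.jpg.maas -> original extension ".jpg"
                original = Path(name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower()
                original_types[original or "(none)"] += 1
            elif lower == NOTE_NAME:
                notes.append(path)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "original_types": dict(original_types)}


def restore_list(report, root):
    """Relative paths of the original files to pull back from a clean backup."""
    return sorted(str(p.relative_to(root))[: -len(ENCRYPTED_SUFFIX)]
                  for p in report["encrypted"])


def build_sample_tree(root):
    """Constructed sample layout, not taken from a real infection."""
    for rel in ("docs/report.docx.maas", "docs/_readme.txt",
                "pics/image.jpg.maas", "pics/clean.png", "notes.txt.MAAS"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan_tree(tmp)
        print(len(report["encrypted"]), "encrypted,", len(report["notes"]), "notes")
        for rel in restore_list(report, tmp):
            print("restore:", rel)
```

Running the same scan against a backup drive's contents from a clean machine shows whether the backup itself already contains .maas files before it is relied on.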