Severity scale:  

Remove Masok ransomware (Improved Guide) - updated Nov 2019

removal by Ugnius Kiguolis - - | Type: Ransomware

Masok – a cyber threat hailing from the infamous Djvu family and spreading another destructive virus AZORult 

Masok ransomwareMasok ransomware - a ransom-demanding threat that urges $490 or $980 for the decryption software

Masok is a notorious file-encrypting malware that belongs to the ransomware family. It differs from viruses of this kind as it can not only make your files useless but can also bring the AZORult Trojan horse to the infected Windows system. Once there, the trojan can start gathering personal information and send it to the remote server.

The roots of Masok ransomware are hailing from the Djvu and STOP families. However, once the virus appears on the targeted machine, it drops its executables in the Task Manager[1] and Registry, encrypts files, marks them with the .masok extension, and urges to pay from $490 to $980 for their recovery. The ransom note which provides all information about the file recovery is saved in the _readme.txt document.

Name Masok
Type Ransomware virus
Family Djvu/STOP ransomware
Extension .masok
Ransom note _readme.txt
Price Starting from $490 if contact is made in 72 hours and ending up with $980 if the victims fail to make communication during the three day time period
Other malware This ransomware might be capable of injecting the AZORult just like other versions of STOP virus
Distribution You can experience malicious activity from this virus after opening a malicious email, hyperlink, executable, etc.
Elimination Use Reimage Reimage Cleaner Intego for a full system check-up. Afterward, terminate the ransomware permanently
Data recovery If you have been looking for ways to restore encrypted data, take a look at the methods that are provided at the end of this article

Masok ransomware and similar cyber threats are commonly distributed to gain revenue. Criminals tend to scam their victims by scaring that the only way to recover encrypted data is by paying a huge ransom. They try to convince people that once the demanded price is transferred, they will immediately receive the decryption software and successfully restore blocked files:


Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:
Mark Data Restore

Your personal ID:

The cybercriminals provide three ways to contact them via or email addresses and @datarestore telegram account. However, there is always a huge risk to pay these crybercriminals while trying to recover .masok files.

What you can do is remove Masok ransomware from the system after scanning it with antimalware. Once you get rid of all malicious components and processes, you can continue with some data recovery techniques that are placed at the end of the article and might help you to bring some files/documents back to their previous states.

Masok virusMasok virus - ransomware that gets delivered via email spam

Also, you should opt for Masok removal right after spotting it on your machine because this ransomware virus might carry other malicious payloads with itself. As it is known that STOP ransomware and its variants can infect the system with the AZORult Trojan horse. If this task is implemented, there is a big risk of losing private data and becoming a victim of identity theft.

Masok ransomware can be spotted from the .masok extension and the _readme.txt message that appears on the system without being expected. Antivirus tools have been detecting the malware by using these detection names:[2]

  • Win32:PWSX-gen [Trj] (Avast).
  • Win32:PWSX-gen [Trj] (AVG).
  • Gen:Variant.Ser.Jaik.565 (BitDefender).
  • Gen:Variant.Ser.Jaik.565 (B) (Emsisoft).
  • Trojan.MulDrop9.44966 (DrWeb).
  • (Kaspersky).
  • Trojan.MalPack.GS (Malwarebytes).
  • Trojan.TR/AD.InstaBot.awy (F-secure).

It is more than clear that Masok ransomware might bring big harm to your computer system and important files. The encryption process[3] is the moment when your files are locked and the only guaranteed way to recover them is if you have their backups. However, even if you don't have backups saved in a remote location, there still is no need of paying for the crooks. Remove the malware without wasting your time and them wait until the Stop Decrypter gets updated.

Distribution tactics used by ransomware developers

According to experts from,[4] there are many unsecured sources from which ransomware and other malware might reach your computer system. However, the most popular places where you might ransomware are odd websites such as email spam, p2p networks, gambling, gaming, and porn web pages. Read the steps below and know how to protect yourself:

  • Manage your email. Erase all messages that have fallen to your spam section and carefully manage all emails in your inbox sector. This means checking the sender, spotting possible grammar mistakes, and scanning attachments with AV.
  • Keep a distance from secondary networks. Pages that are supported by third-parties are usually sources that lack protection and allow criminals to inject malicious objects into unprotected hyperlinks and similar locations.
  • Download reputable antimalware. If you do not have a trustworthy antivirus program installed on your computer system, you will supposedly run into big trouble, sooner or later. Make sure to purchase a tool that includes various protective features and keep it always updated.

Using the combination of manual and automatical protection measures is the best option for preventing secret malware infiltration and keeping your computer, software, personal information, and various files safe from corruption/theft.

Masok ransomware virus

Masok ransomware virus elimination guidelines for non-skilled and advanced users

Masok ransomware removal is a process that can be completed by both less-experienced and highly-skilled users. However, no manual actions should be taken by any kind of person as the entire system can be put at risk. The automatical technique is the only one that should be used here. For that, you need to employ reputable software for Masok removal together with all infected files. Besides, performing a full system check-up is also a necessary step to take as the malware can modify system components. For that, use Reimage Reimage Cleaner Intego.

To doublecheck the system for ransomware, use SpyHunter 5Combo Cleaner, or Malwarebytes. Once the software provides you with the results, you will know what kind of actions to take towards the elimination process. After you remove Masok ransomware properly, take a look at the below-provided data recovery software that might allow you to restore some files.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Masok virus, follow these steps:

Remove Masok using Safe Mode with Networking

Reboot to Safe Mode with Networking to stop malicious processes that have been recently provoked by Masok ransomware virus.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Masok

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Masok removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Masok using System Restore

Use System Restore to reverse some changes initiated by the malware and get a chance to launch anti-virus. Follow the steps below to prevent anything malicious from running.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Masok. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Masok removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Masok from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

.masok files have a chance to be reversed by using some data recovery software that is provided below. Carefully read throughout each method and choose the most suitable one for you.

If your files are encrypted by Masok, you can use several methods to restore them:

Use Data Recovery Pro software for reversing some files/documents back to their previous positions.

If you try using this third-party tool exactly as shown in the instructing guide, you might succeed and recover some of your documents and files that have been touched by Masok ransomware virus.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Masok ransomware;
  • Restore them.

Windows Previous Versions feature is suitable for file restoring tasks:

Using this software might allow you to restore some of your data that was encrypted by the malware. However, ensure that you have booted your computer to System Restore earlier.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try the Shadow Explorer tool for reversing files back to their primary states:

If the ransomware virus did not touch Shadow Volume Copies of your encrypted files, using this software gives you the possibility of restoring them to the same position as they were before the malware attack.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

STOP ransomware decrypter hasn't been updated yet

Even though no official decryptor has been released directly to unlock .masok files, you can download and give a try to the STOP ransomware decryption software.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Masok and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding Masok ransomware