Severity scale:  

Remove Masok ransomware (Free Instructions) - Virus Removal Guide

removal by Ugnius Kiguolis - - | Type: Ransomware

Masok ransomware – a ransom-demanding threat that might carry AZORult virus 

Masok ransomware
Masok ransomware - a ransom-demanding threat that urges $490 or $980 for the decryption software

Masok ransomware is a notorious file-encrypting malware that might bring AZORult Trojan virus to the infected Windows system. The roots of this ransomware virus are located in the Djvu and STOP families. Once Masok virus appears on the targeted machine, bogus alterings are performed in the Task Manager[1] and Registry sections. Continuously, files appear with the .masok extension and ransom urges from $490 to $980 that are provided in the _readme.txt document.

Masok ransomware might bring big harm to your computer system and important files/documents. The encryption process[2] is the moment when your files might be permanently lost if you did not have them backed up earlier. However, even if you did not get the data stored on remote devices or server, there still is no need of taking the crooks' offer to purchase a decryptor.

Name Masok
Type Ransomware virus
Family Djvu/STOP ransomware
Extension .masok
Ransom note _readme.txt
Price Starting from $490 if contact is made in 72 hours and ending up with $980 if the victims fail to make communication during the three day time period
Other malware This ransomware might be capable of injecting the AZORult just like other versions of STOP virus
Distribution You can experience malicious activity from this virus after opening a malicious email, hyperlink, executable, etc.
Elimination Use Reimage for a full system check-up. Afterward, terminate the ransomware permanently
Data recovery If you have been looking for ways to restore encrypted data, take a look at the methods that are provided at the end of this article

Masok ransomware and similar cyber threats are commonly distributed for revenue-gaining purposes. Criminals tend to scam their victims by providing them with huge ransom urges and trying to convince people that once the demanded price is transferred, they will immediately receive the decryption software and successfully restore blocked files:


Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:
Mark Data Restore

Your personal ID:

The cybercriminals provide even three ways to contact them and two of these are, email addresses and one @datarestore telegram account. However, the best way to recover .masok files is definitely not paying the creators of Masok ransomware.

What you can do is remove Masok ransomware from the system after scanning it with antimalware such as Reimage. Once you get rid of all malicious components and processes, you can continue with some data recovery techniques that are placed at the end of the article and might help you to bring some files/documents back to their previous states.

Masok virus
Masok virus - ransomware that gets delivered via email spam

Also, you should opt for Masok removal right after spotting it on your machine because this ransomware virus might carry other malicious payloads with itself. As it is known that STOP ransomware and its variants are the carriers of AZORult Trojan horse, there is a big risk that this file-locking threat is capable of doing the same.

Masok ransomware can be spotted from the .masok extension and the _readme.txt message by the user himself/herself. However, if you use an antivirus tool for detecting the malware, you might be provided with these types of detection names:[3]

  • Win32:PWSX-gen [Trj] (Avast).
  • Win32:PWSX-gen [Trj] (AVG).
  • Gen:Variant.Ser.Jaik.565 (BitDefender).
  • Gen:Variant.Ser.Jaik.565 (B) (Emsisoft).
  • Trojan.MulDrop9.44966 (DrWeb).
  • (Kaspersky).
  • Trojan.MalPack.GS (Malwarebytes).
  • Trojan.TR/AD.InstaBot.awy (F-secure).

Distribution tactics used by ransomware developers

According to experts from,[4] there are many unsecured sources from which ransomware and other malware might reach your computer system. However, the most popular places where you might ransomware are odd websites such as email spam, p2p networks, gambling, gaming, and porn web pages. Read the steps below and know how to protect yourself:

  • Manage your email. Erase all messages that have fallen to your spam section and carefully manage all emails in your inbox sector. This means checking the sender, spotting possible grammar mistakes, and scanning attachments with AV.
  • Keep a distance from secondary networks. Pages that are supported by third-parties are usually sources that lack protection and allow criminals to inject malicious objects into unprotected hyperlinks and similar locations.
  • Download reputable antimalware. If you do not have a trustworthy antivirus program installed on your computer system, you will supposedly run into big trouble, sooner or later. Make sure to purchase a tool that includes various protective features and keep it always updated.

Using the combination of manual and automatical protection measures is the best option for preventing secret malware infiltration and keeping your computer, software, personal information, and various files safe from corruption/theft.

Masok ransomware virus

Masok ransomware virus elimination guidelines for non-skilled and advanced users

Masok ransomware removal is a process that can be completed by both less-experienced and highly-skilled users. However, no manual actions should be taken by any kind of person as he/she might put your entire system at risk of damage.

The automatical technique is the only one that should be used here and you need to employ reputable software for uninstalling Masok virus also. Besides, performing a full system check-up is also a necessary step to take.

You can scan your machine by downloading and installing a program such as Reimage, SpyHunter 5Combo Cleaner, or Malwarebytes. Once the software provides you with the results, you will know what kind of actions to take towards the elimination process. After you remove Masok ransomware properly, take a look at the below-provided data recovery software that might allow you to restore some files.

do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Masok virus, follow these steps:

Remove Masok using Safe Mode with Networking

Activate Safe Mode with Networking while rebooting your computer system. These settings might allow you to stop malicious processes that have been recently provoked by Masok ransomware virus.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Masok

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Masok removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Masok using System Restore

Boot your computer with System Restore and reverse some changes that were completed by the malware. Follow the below-provided instructing steps to prevent anything malicious from continuing.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Masok. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Masok removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Masok from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

.masok files have a chance to be reversed by using some data recovery software that is provided below. Carefully read throughout each method and choose the most suitable one for you.

If your files are encrypted by Masok, you can use several methods to restore them:

Use Data Recovery Pro software for reversing some files/documents back to their previous positions.

If you try using this third-party tool exactly as shown in the instructing guide, you might succeed and recover some of your documents and files that have been touched by Masok ransomware virus.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Masok ransomware;
  • Restore them.

Windows Previous Versions feature is suitable for file restoring tasks:

Using this software might allow you to restore some of your data that was encrypted by the malware. However, ensure that you have booted your computer to System Restore earlier.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try the Shadow Explorer tool for reversing files back to their primary states:

If the ransomware virus did not touch Shadow Volume Copies of your encrypted files, using this software gives you the possibility of restoring them to the same position as they were before the malware attack.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Even though no official decryptor has been released directly to unlock .masok files, you can download and give a try to the STOP ransomware decryption software.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Masok and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunter 5Combo Cleaner or Malwarebytes

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding Masok ransomware