Masok ransomware (Improved Guide) - updated Nov 2019

Masok virus Removal Guide

What is Masok ransomware?

Masok – a cyber threat hailing from the infamous Djvu family and spreading another destructive virus AZORult

Masok ransomware - a ransom-demanding threat that asks $490 or $980 for the decryption software

Masok is a notorious file-encrypting malware that belongs to the ransomware family. It differs from other viruses of this kind in that it not only makes your files useless but can also bring the AZORult Trojan horse to the infected Windows system. Once there, the trojan can start gathering personal information and sending it to a remote server.

Masok ransomware has its roots in the Djvu and STOP families. Once the virus appears on the targeted machine, it drops its executables in the Task Manager[1] and Registry, encrypts files, marks them with the .masok extension, and demands from $490 to $980 for their recovery. The ransom note, which provides all information about the file recovery, is saved in the _readme.txt document.

Name: Masok
Type: Ransomware virus
Family: Djvu/STOP ransomware
Extension: .masok
Ransom note: _readme.txt
Price: Starting from $490 if contact is made in 72 hours and ending up with $980 if the victims fail to make communication during the three-day time period
Other malware: This ransomware might be capable of injecting AZORult, just like other versions of the STOP virus
Distribution: You can experience malicious activity from this virus after opening a malicious email, hyperlink, executable, etc.
Elimination: Use ReimageIntego for a full system check-up. Afterward, terminate the ransomware permanently
Data recovery: If you have been looking for ways to restore encrypted data, take a look at the methods that are provided at the end of this article

Masok ransomware and similar cyber threats are commonly distributed to gain revenue. Criminals tend to scam their victims by scaring them into believing that the only way to recover encrypted data is to pay a huge ransom. They try to convince people that once the demanded price is transferred, they will immediately receive the decryption software and successfully restore blocked files:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-2P5WrE5b9f
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gorentos2@firemail.cc

Our Telegram account:
@datarestore
Mark Data Restore

Your personal ID:

The cybercriminals provide three ways to contact them: the gorentos@bitmessage.ch and gorentos2@firemail.cc email addresses and the @datarestore Telegram account. However, paying these cybercriminals in an attempt to recover .masok files always carries a huge risk.

What you can do is remove Masok ransomware from the system after scanning it with antimalware. Once you get rid of all malicious components and processes, you can continue with some data recovery techniques that are placed at the end of the article and might help you to bring some files/documents back to their previous states.

Masok virus - ransomware that gets delivered via email spam

Also, you should opt for Masok removal right after spotting it on your machine because this ransomware virus might carry other malicious payloads with it. STOP ransomware and its variants are known to infect the system with the AZORult Trojan horse. If that happens, there is a big risk of losing private data and becoming a victim of identity theft.

Masok ransomware can be spotted from the .masok extension and the _readme.txt message that appears on the system without being expected. Antivirus tools have been detecting the malware by using these detection names:[2]

  • Win32:PWSX-gen [Trj] (Avast).
  • Win32:PWSX-gen [Trj] (AVG).
  • Gen:Variant.Ser.Jaik.565 (BitDefender).
  • Gen:Variant.Ser.Jaik.565 (B) (Emsisoft).
  • Trojan.MulDrop9.44966 (DrWeb).
  • Trojan-Ransom.Win32.Stop.cn (Kaspersky).
  • Trojan.MalPack.GS (Malwarebytes).
  • Trojan.TR/AD.InstaBot.awy (F-secure).

It is more than clear that Masok ransomware might do great harm to your computer system and important files. The encryption process[3] is the moment when your files are locked, and the only guaranteed way to recover them is from backups. However, even if you don't have backups saved in a remote location, there is still no need to pay the crooks. Remove the malware without wasting your time and then wait until the Stop Decrypter gets updated.

Distribution tactics used by ransomware developers

According to experts from NoVirus.uk,[4] there are many unsecured sources from which ransomware and other malware might reach your computer system. However, the most popular places where you might encounter ransomware are email spam, p2p networks, and odd websites such as gambling, gaming, and porn web pages. Read the steps below to learn how to protect yourself:

  • Manage your email. Erase all messages that have landed in your spam folder and carefully handle all emails in your inbox. This means checking the sender, spotting possible grammar mistakes, and scanning attachments with AV.
  • Keep a distance from secondary networks. Pages that are supported by third parties are usually sources that lack protection and allow criminals to inject malicious objects into unprotected hyperlinks and similar locations.
  • Download reputable antimalware. If you do not have a trustworthy antivirus program installed on your computer system, you will supposedly run into big trouble, sooner or later. Make sure to purchase a tool that includes various protective features and always keep it updated.

Using a combination of manual and automatic protection measures is the best option for preventing secret malware infiltration and keeping your computer, software, personal information, and various files safe from corruption/theft.

Masok ransomware is another malware strain that comes from the Djvu family

Masok ransomware virus elimination guidelines for non-skilled and advanced users

Masok ransomware removal is a process that can be completed by both less-experienced and highly-skilled users. However, nobody should attempt manual actions, as the entire system can be put at risk. The automatic technique is the only one that should be used here. For that, you need to employ reputable software to remove Masok together with all infected files. Besides, performing a full system check-up is also a necessary step, as the malware can modify system components. For that, use ReimageIntego.

To double-check the system for ransomware, use SpyHunter 5, Combo Cleaner, or Malwarebytes. Once the software provides you with the results, you will know what actions to take in the elimination process. After you remove Masok ransomware properly, take a look at the data recovery software provided below, which might allow you to restore some files.


Getting rid of Masok virus. Follow these steps

Manual removal using Safe Mode

Reboot to Safe Mode with Networking to stop malicious processes that have been recently provoked by Masok ransomware virus.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
  5. Go back to the process, right-click and pick End Task.
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Remove Masok using System Restore

Use System Restore to reverse some changes initiated by the malware and get a chance to launch anti-virus. Follow the steps below to prevent anything malicious from running.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select your restore point that is prior to the infiltration of Masok. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with ReimageIntego and make sure that Masok removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Masok from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

There is a chance that .masok files can be restored with the data recovery software provided below. Carefully read through each method and choose the most suitable one for you.

If your files are encrypted by Masok, you can use several methods to restore them:

Use Data Recovery Pro software for reversing some files/documents back to their previous positions.

If you try using this third-party tool exactly as shown in the instructing guide, you might succeed and recover some of your documents and files that have been touched by Masok ransomware virus.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Masok ransomware;
  • Restore them.

Windows Previous Versions feature is suitable for file restoring tasks:

Using this software might allow you to restore some of your data that was encrypted by the malware. However, ensure that you have booted your computer to System Restore earlier.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try the Shadow Explorer tool for reversing files back to their primary states:

If the ransomware virus did not touch Shadow Volume Copies of your encrypted files, using this software gives you the possibility of restoring them to the same position as they were before the malware attack.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
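
A read-only triage script for the indicators this guide names (the .masok extension and the _readme.txt note) that also checks whether any shadow copies predate the encryption, which decides if the Previous Versions and Shadow Explorer methods above have anything to restore from. It is an added example, not part of the original guide; the scan roots, the use of LastWriteTime as the encryption time, and PowerShell 3.0 or later are assumptions.

```powershell
# Added example: read-only triage for the Masok indicators named in this guide.
# Run from an elevated PowerShell prompt; nothing is deleted or changed.
param(
    # Assumption: user profiles are the scan scope; pass other roots as needed.
    [string[]]$Roots = @($env:USERPROFILE, $env:PUBLIC)
)

$Extension   = '.masok'        # extension appended to encrypted files (from the guide)
$NoteName    = '_readme.txt'   # ransom note file name (from the guide)
# Contact details quoted in the ransom note, used to confirm the note's origin.
$NoteMarkers = 'gorentos@bitmessage.ch', 'gorentos2@firemail.cc', '@datarestore'

# One pass over the disk, keeping only encrypted files and candidate notes.
$hits = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $Extension -or $_.Name -eq $NoteName }
}
$encrypted = @($hits | Where-Object { $_.Extension -eq $Extension })
$notes     = @($hits | Where-Object { $_.Name -eq $NoteName })

# A file called _readme.txt is only an indicator if it carries the note's contacts.
$confirmedNotes = @($notes | Where-Object {
    $text = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction SilentlyContinue
    $text -and ($NoteMarkers | Where-Object { $text.Contains($_) })
})

# LastWriteTime of the oldest .masok file approximates when encryption began;
# a restore point or shadow copy is only useful if it is older than that.
$firstHit = $encrypted | Sort-Object LastWriteTime | Select-Object -First 1

# Shadow copies are what Previous Versions and Shadow Explorer read from.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
$usable  = @($shadows | Where-Object {
    $firstHit -and $_.InstallDate -lt $firstHit.LastWriteTime
})

[pscustomobject]@{
    EncryptedFiles    = $encrypted.Count
    ConfirmedNotes    = $confirmedNotes.Count
    FirstEncryptedAt  = if ($firstHit) { $firstHit.LastWriteTime } else { $null }
    ShadowCopies      = $shadows.Count
    ShadowCopiesOlder = $usable.Count
} | Format-List

# Folders with the most encrypted files, to prioritise recovery attempts.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
```

If ShadowCopiesOlder is 0, the shadow-copy based methods have no snapshot from before the attack, and backups or the STOP decrypter remain the options to pursue.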

STOP ransomware decrypter hasn't been updated yet

Even though no official decryptor has been released directly to unlock .masok files, you can download and give a try to the STOP ransomware decryption software.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Masok and other ransomware, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5, Combo Cleaner or Malwarebytes.

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has gained momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic ways to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.

 

Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways in which unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Ugnius Kiguolis

References