
MyAntiSpyware


.Mogranos file extension ransomware virus (Restore, Decrypt .mogranos files)

Myantispyware team July 31, 2019    

Mogranos is another ransomware created by cyber criminals. It works and spreads in the same way as Nelasod, Format, Access and similar variants; the only difference is the .mogranos extension appended to the photos, documents and music that it affects.

Files encrypted by Mogranos ransomware virus


Cybercriminals made Mogranos ransomware to encrypt various files on the user’s PC using a complex encryption algorithm, which makes it impossible for the user to independently decrypt the affected files that have received the .mogranos extension. Mogranos ransomware can encrypt almost all types of files, including common ones such as:

.wbmp, .rtf, .dcr, .litemod, .x3f, .dng, .wmo, .ncf, .pptx, .xlsm, .big, .wmd, .zdb, .layout, .rb, .odp, .ltx, .wot, .cdr, .fsh, .rofl, .xyp, .sidd, .rgss3a, .bay, .bkp, .psk, .gdb, .wmv, .sidn, .wb2, .1st, .kdc, .txt, .esm, .psd, .x, .wsh, .xpm, .xmmap, .cer, .zif, .pkpass, .wp7, .p7c, .wpl, .pdf, .t13, .icxs, .zabw, .wm, .iwi, .wps, .x3f, .sie, .odm, .2bp, .crt, .pem, .r3d, .mddata, .odc, .xlk, .wire, .menu, .itm, .raw, .das, .wotreplay, .pfx, .wma, .epk, .xld, .accdb, .wma, .mdb, .1, .lbf, .nrw, .wsc, .iwd, .wbz, .tor, .wn, .eps, .js, .rar, .sis, .webdoc, .ods, .vtf, .indd, .xbdoc, .wri, .pst, .wsd, .wpt, .zip, .wpg, .xar, .wbc, .xlsx, .xll, .mrwref, .ppt, .mdf, .desc, .tax, .xdl, .py, .css, .dbf, .d3dbsp, .forge, .xxx, .yal, .hkdb, .m2, .xx, .pdd, .png, .vdf, .sr2, .cfr, .xdb, .orf, .ztmp, .dmp, .wcf, .0, .wgz, .blob, .apk, .slm, .dba, .rwl, .xml, .ntl, .ptx, .dxg, .z3d, .itl, .pef, .xls, .sb, .mp4, .wdp, .mcmeta, .zdc, .bik, .wmv, .y, .srf, .xls, .ai, .wdb, .xf, .syncdb, .wbm, .3dm, .bc7, .hkx, .vcf, .xwp, .arw, .doc, .wp6, .xlsb, .rim, .wbk, .der, .wpa, .docm, .gho, .hplg, .p7b, .xlgc, .webp, .zi, .cas, .ibank, .svg, .vpp_pc, .crw, .wpw, .bkf, .w3x, .xbplate, .wav, .mef, .xlsx, .m3u, .sav, .ff, .xmind, .lrf, .3fr, .wp4, .mov, .fos, .vpk, .pak, .srw, .mlx, .map, .3ds, .jpg, .fpk, .csv, .wpd, .snx

The Mogranos virus overwrites most of the content of the original files with encrypted data and appends the .mogranos extension to every encrypted file. A user who sees files with the .mogranos extension understands that they are locked and will remain so until the attackers are paid the demanded amount of money for a special key that will recover the files. Usually, the authors of Mogranos leave a ransom message called ‘_readme.txt’ on the infected computer, indicating the required amount of ransom.

ATTENTION!
 
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-2P5WrE5b9f
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
 
 
To get this software you need write on our e-mail:
gorentos@bitmessage.ch

 

Threat Summary

Name: Mogranos
Type: Crypto malware, Filecoder, Crypto virus, File locker, Ransomware
Encrypted files extension: .mogranos
Ransom note: _readme.txt
Contact: gorentos@bitmessage.ch
Ransom amount: $490/$980 in Bitcoins
Symptoms: Your photos, documents and music fail to open. Your personal files now have different extensions that end with something like .mogranos. Files named ‘_readme.txt’ or ‘_readme’ appear in each folder with at least one encrypted file.
Distribution ways: Phishing emails that contain malicious attachments. Drive-by downloading (when a user unknowingly visits an infected web site and malware is then installed without the user’s knowledge). Social media posts (they can be used to entice users to download malicious software with a built-in ransomware downloader or to click a suspicious link). Malvertising campaigns.
Removal: To remove Mogranos ransomware use the removal guide
Decryption: To decrypt Mogranos ransomware use the steps
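
The symptoms in the summary above can be checked across a whole folder tree before any cleanup or recovery is attempted. The following Python script is an added example, not part of the original guide or of any tool it mentions: it only reads the file system, counts files with the .mogranos extension by their original type, and flags folders where the ‘_readme.txt’ note and the encrypted files do not appear together. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from this page's threat summary.
ENCRYPTED_EXT = ".mogranos"
NOTE_NAMES = {"_readme.txt", "_readme"}
NOTE_CONTACT = "gorentos@bitmessage.ch"


def triage(root):
    """Read-only walk of root; summarises the Mogranos symptoms per folder."""
    root = Path(root)
    report = {"folders": {}, "original_types": Counter(),
              "encrypted_without_note": [], "note_without_encrypted": []}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if not encrypted and not notes:
            continue
        rel = Path(dirpath).relative_to(root).as_posix()
        for name in encrypted:
            # "photo.jpg.mogranos" -> ".jpg": the type the file had before
            stem = name[: -len(ENCRYPTED_EXT)]
            report["original_types"][Path(stem).suffix.lower() or "(none)"] += 1
        # Does a note here carry the contact address quoted in the ransom note?
        matches = any(
            NOTE_CONTACT in (Path(dirpath) / n).read_text(encoding="utf-8",
                                                          errors="replace")
            for n in notes)
        report["folders"][rel] = {"encrypted": encrypted, "notes": notes,
                                  "note_matches_page": matches}
        if encrypted and not notes:
            report["encrypted_without_note"].append(rel)
        if notes and not encrypted:
            report["note_without_encrypted"].append(rel)
    report["encrypted_total"] = sum(report["original_types"].values())
    return report


def build_sample_tree(base):
    """Constructed sample data: a small tree shaped like an affected profile."""
    layout = {
        "Documents": ["report.docx.mogranos", "budget.xlsx.mogranos", "_readme.txt"],
        "Pictures/2019": ["img_001.jpg.mogranos"],  # encrypted file, no note
        "Downloads": ["_readme.txt"],               # note left behind, no files
        "Music": ["track.mp3"],                     # untouched folder
    }
    note = "To get this software you need write on our e-mail:\n" + NOTE_CONTACT
    for folder, names in layout.items():
        (Path(base) / folder).mkdir(parents=True)
        for name in names:
            body = note if name in NOTE_NAMES else "placeholder"
            (Path(base) / folder / name).write_text(body, encoding="utf-8")
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        for folder, info in sorted(result["folders"].items()):
            print(folder, len(info["encrypted"]), "encrypted;",
                  "notes:", info["notes"] or "none")
        print("by original type:", dict(result["original_types"]))
```

Running `triage()` against a real user profile instead of the sample tree gives an inventory to compare against after each removal or recovery step.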

 

We recommend that you remove the Mogranos ransomware virus as quickly as possible, before its presence leads to even worse consequences. Follow the steps below to completely remove Mogranos ransomware from your machine and to recover encrypted photos, documents and music, using only a few free tools.

Quick links

  1. How to remove Mogranos crypto virus
  2. How to decrypt .mogranos files
  3. Mogranos decryption tool
  4. How to restore .mogranos files
  5. How to protect your system from Mogranos ransomware?
  6. To sum up

How to remove Mogranos crypto virus

The Mogranos crypto malware can hide its components, which makes them difficult to find and uninstall completely. As a result, after some time the crypto malware may once again infect your computer and encrypt your documents, photos and music. Moreover, it is not always safe to remove crypto malware manually if you don’t have much experience in setting up and configuring the Microsoft Windows operating system. The best method to search for and uninstall Mogranos crypto malware is to run the free malware removal software listed below.



Use Zemana to remove Mogranos ransomware

Zemana Anti Malware is a complete package of anti-malware tools that can help you remove the Mogranos ransomware virus. Despite so many features, it does not reduce the performance of your PC. Zemana Anti-Malware (ZAM) can remove almost all types of malware, including crypto malware, trojans, worms, adware, hijackers, potentially unwanted applications and other malware. Zemana has real-time protection that can defeat most malware and crypto viruses. You can use Zemana with any other antivirus software without any conflicts.

Installing Zemana AntiMalware (ZAM) is simple. First you’ll need to download Zemana to your MS Windows Desktop from the following link.

Zemana AntiMalware

Once the download is done, close all applications and windows on your system. Double-click the setup file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as displayed on the image below, click the “Yes” button.

Zemana Anti-Malware (ZAM) uac

It will open the “Setup wizard” that will help you install Zemana AntiMalware (ZAM) on your PC system. Follow the prompts and don’t make any changes to default settings.

Zemana Setup Wizard

Once installation is done successfully, Zemana Free will automatically start and you can see its main screen as displayed in the figure below.

Now click the “Scan” button to perform a system scan with this utility for the Mogranos ransomware virus, other malicious software, worms and trojans. This process can take quite a while, so please be patient. While the utility is checking, you can see the number of objects and files it has already scanned.

Zemana Anti Malware locate Mogranos ransomware related files, folders and registry keys

After Zemana has completed scanning your computer, it will display a list of found items. When you are ready, press the “Next” button. Zemana AntiMalware (ZAM) will remove the Mogranos ransomware virus and other kinds of potential threats such as malware and trojans. After that process is finished, you may be prompted to reboot the PC system.

Run MalwareBytes to remove Mogranos crypto virus

You can uninstall Mogranos automatically with the help of MalwareBytes. We suggest this free malicious software removal utility because it can easily remove crypto malware, adware software, malicious software and other unwanted apps with all their components such as files, folders and registry entries.
MalwareBytes Anti-Malware (MBAM) for Windows, scan for ransomware virus is finished

Click the following link to download MalwareBytes. Save it directly to your MS Windows Desktop.

Malwarebytes Anti-malware

When the download is complete, run it and follow the prompts. Once installed, MalwareBytes Free will try to update itself, and when this procedure is done, click the “Scan Now” button. The MalwareBytes Anti Malware (MBAM) tool will begin scanning the whole PC system to find files, folders and registry keys related to the Mogranos crypto malware. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your machine and the speed of your PC. While the utility is checking, you can see how many objects and files it has already scanned. You may delete items (move them to Quarantine) by simply clicking the “Quarantine Selected” button.

The MalwareBytes Free is a free program that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this malicious software removal tool, we recommend you to read and follow the steps or the video guide below.

Remove Mogranos ransomware with KVRT

KVRT is a free portable program that scans your PC system for adware software, PUPs and ransomware such as Mogranos and helps uninstall them easily. Moreover, it will also allow you to delete any malicious web-browser extensions and add-ons.

Download Kaspersky virus removal tool (KVRT) on your personal computer from the following link.

Kaspersky virus removal tool

After the download is done, double-click the Kaspersky virus removal tool icon. Once the initialization process is done, you will see the KVRT screen as shown below.

Kaspersky virus removal tool main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click the Start scan button to perform a system scan for the Mogranos ransomware virus and other known infections. A system scan can take anywhere from 5 to 30 minutes, depending on your computer. While KVRT is checking, you can see how many objects it has identified as being malicious software.

KVRT scanning

Once the scan is done, you may check all items found on your PC system as on the image below.

KVRT scan report

Review the results once the utility has done the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click on Continue to begin a cleaning procedure.

How to decrypt .mogranos files

You can damage files affected by the Mogranos ransomware virus, or make them useless forever, if you try to find the private key on your own, which is almost impossible in view of its cryptographic complexity. It is very important to understand the importance of constantly backing up important files to various media, such as a USB stick, so that if malware damages your computer you can always restore a copy of the encrypted files.

Should you pay the ransom

Never pay the ransom! Transferring money to the attackers is no guarantee that the victim will receive a code to unlock the affected photos, documents and music. Very often, after receiving the money, cybercriminals make new demands for an even larger amount of money. It is impossible to predict exactly what the scammers who designed the Mogranos crypto malware will do, but it is safe to say that their actions are immoral and illegal.

Files encrypted by Mogranos ransomware virus


Of course, paying the ransom cannot be considered the only correct way out when your PC is affected by Mogranos crypto malware, as this only leads to the prosperity of the illegal actions of cyber criminals. The smart thing to do is to try to recover the locked files from a backup or wait for the release of a Mogranos decryption utility to decrypt them. You can also try to unlock files using the free software listed below.

Mogranos decryption tool

With some variants of the Mogranos file virus, it is possible to decrypt encrypted files using the free tools listed below.




Michael Gillespie (@) released the Mogranos decryption tool named STOPDecrypter. It can decrypt .Mogranos files if they were locked with one of the known OFFLINE KEYs retrieved by Michael Gillespie. Please check the Twitter post for more info.

Mogranos decryption tool


STOPDecrypter is a program that can be used for Mogranos files decryption. One of the biggest advantages of using STOPDecrypter is that it is free and easy to use. Also, its ‘OFFLINE KEYs’ DB is constantly updated. Let’s see how to install STOPDecrypter and decrypt .Mogranos files using this free tool.

  1. Installing STOPDecrypter is simple. First you will need to download STOPDecrypter to your Windows Desktop from the following link.
    download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  2. After the downloading process is done, close all applications and windows on your machine. Open the file location. Right-click the icon named STOPDecrypter.zip.
  3. Next, select ‘Extract all’ and follow the prompts.
  4. Once the extraction process is finished, run STOPDecrypter. Select Directory and press the Decrypt button.

If STOPDecrypter does not help you decrypt .Mogranos files, in some cases you still have a chance to restore the files that were encrypted by the ransomware. This is possible with the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.

How to restore .mogranos files

In some cases, you can recover files encrypted by the Mogranos crypto virus. Try both methods. It is important to understand that we cannot guarantee that you will be able to recover all encrypted photos, documents and music.




Restore .mogranos encrypted files using Shadow Explorer

A free tool called ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of MS Windows 10 (8, 7, Vista). You can recover .mogranos files encrypted by the Mogranos ransomware from Shadow Copies for free.

Please go to the link below to download the latest version of ShadowExplorer for Microsoft Windows. Save it to your Desktop.

ShadowExplorer

Once the downloading process is complete, extract the saved file to a folder on your computer. This will create the necessary files as on the image below.

ShadowExplorer folder

Start the ShadowExplorerPortable application. Now select the date (2) that you want to recover from and the drive (1) you want to restore files (folders) from, as in the example below.

recover encrypted files with ShadowExplorer tool

On the right panel, navigate to the file (folder) you wish to restore. Right-click the file or folder and press the Export button, as in the example below.

ShadowExplorer restore .mogranos files

Finally, specify a directory (your Desktop) in which to save the shadow copy of the encrypted file and click the ‘OK’ button.

Recover .mogranos files with PhotoRec

Before a file is encrypted, the Mogranos crypto malware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file restore software such as PhotoRec.

Download PhotoRec by clicking on the link below.

PhotoRec

After the download is done, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as on the image below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It’ll display a screen as shown on the image below.

PhotoRec for windows

Select a drive to recover as shown in the following example.

photorec select drive

You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as displayed on the screen below.

photorec choose partition

Click the File Formats button and specify the file types to recover. You can enable or disable the recovery of certain file types. When this is done, click the OK button.

PhotoRec file formats

Next, click the Browse button to select where recovered personal files should be written, then press Search.

photorec

The count of restored files is updated in real time. All recovered personal files are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.

When the restore is done, press the Quit button. Next, open the directory where the restored personal files are stored. You will see contents like those below.

PhotoRec - result of recovery

All restored photos, documents and music are written to the recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, you can sort your recovered files by extension and/or date/time.

How to protect your system from Mogranos ransomware?

Most antivirus apps already have a built-in protection system against ransomware. Therefore, if your PC does not have an antivirus application, make sure you install one. As extra protection, run HitmanPro.Alert.

Run HitmanPro.Alert to protect your PC system from Mogranos crypto malware

All in all, HitmanPro.Alert is a fantastic tool to protect your PC from any ransomware. If ransomware is detected, HitmanPro.Alert automatically neutralizes the malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from MS Windows XP to Windows 10.

Download HitmanPro.Alert to your MS Windows Desktop from the following link.

HitmanPro.Alert

Once the downloading process is done, open the file location. You will see an icon like below.

HitmanPro.Alert file icon

Double-click the HitmanPro.Alert desktop icon. Once the utility is launched, you’ll see a window where you can choose a level of protection, like below.

HitmanPro.Alert install

Now press the Install button to activate the protection.

To sum up

Now your PC should be free of the Mogranos crypto virus. Remove Kaspersky virus removal tool and MalwareBytes Free. We advise that you keep Zemana AntiMalware (ZAM) to periodically scan your computer for new malware. You are probably running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.

If you are still having problems while trying to uninstall Mogranos crypto malware from your PC, then ask for help here.

 


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
