Moisha Ransomware ia a .Net-based ransomware by a threat actor PT_Moisha. It is suspected that it is active since late July 2022. It uses AES and RSA for encrypting its victims files. It encrypts files that are less than 2 GB for efficiency. It not only encrypts data but steal it and ask its victims to pay $10k for not selling it in black marker to releasing it publicly. Moisha will remove some file names, director names, and extensions in the encryption method. Once completed, the malware removes itself through the PowerShell command line.
Moisha Ransomware Signatures
Moisha Ransomware Download