Ransomware Research
Maoloa Ransomware
Maoloa is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on September 1, 2018, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Unnamed RDP-Reset.
Quick Facts
- Ransomware Family
- Maoloa
- First Seen
- September 1, 2018
- Known Aliases
- Unnamed RDP-Reset
How Maoloa Ransomware Works
Targeted Files
Encrypts every 32 bytes There is informatopn about info.html ransom note, not confirmed
File Encryption Patterns
Maoloa modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..maoloa
..Ox4444
..brydreed
..Alco4444
..Mr-X666
..Tiger4444
..tabufa
..systems32x
..Pig4444
..[epta.mcold@gmail.com]
..middleman2020
..pig4444
..Horse4444
..shelbyboom
..diller13
..Rabbit4444
..decrypt019
..system32x
..Encrypted
..charlie.j0hnson
Ransom Note and Payment Demands
After encrypting files, Maoloa displays ransom notes demanding payment for file recovery:
HOW BACK YOUR FILES.txt
Ransom message:
notes/HOW BACK YOUR FILES.txt
HOW TO BACK YOUR FILES.txt
Ransom message:
notes/HOW TO BACK YOUR FILES.txt
Note locations:
EveryFolder
how_to_back_files.html
!INSTRUCTI0NS!.TXT
Ransom message:
notes/!INSTRUCTI0NS!.TXT
HOW_TO_BACK_FILES.txt
Ransom message:
notes/HOW_TO_BACK_FILES.txt
Note locations:
EveryFolder
HOW TO RETURN YOU FILES.exe
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with Maoloa ransomware:
test_v.doc
svhost.exe
GlobeImposter.exe
Tiger4444.exe
!!INSTRUCTIONS!!.exe
ShrtcmingLayout
ShrtcmingLayout.exe
msopsm.exe
system32x.exe
Data Recovery.bin
CSRSS.Exe
crss.exe
Elastio Can Help You
Don't let Maoloa ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Maoloa ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Maoloa.
Last updated: July 30, 2025