Moisha Ransomware
Moisha is a .NET-based ransomware that employs double extortion techniques to encrypt and exfiltrate data from victims.
Moisha is a ransomware family that targets Windows.
Background
Moisha is a .NET ransomware that uses double-extortion tactics to both encrypt and steal victim data. When it runs, it sets up a global mutex so that only a single instance operates on the host. It then halts services like backup and antivirus to keep them from disrupting encryption, switches off Microsoft Defender's real-time protection, and wipes shadow copies via PowerShell and Vssadmin. Files are locked with the RSA and AES algorithms, and a ransom note is dropped into the affected directory, telling victims to reach the attackers through a Moisha ID on TOX Messenger to negotiate payment. Moisha also propagates to other machines on the network and removes itself using a PowerShell command line.
Source: Malpedia (Fraunhofer FKIE).
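The behaviours listed in the Background description can be correlated over process-creation events for detection. The Python below is an added example, not part of the Malpedia entry or of any Moisha analysis; the entry gives no exact command lines, so the command-line patterns are assumed common forms, and the hosts, paths and service names are constructed.

```python
import re
from collections import defaultdict

# Behaviours from the Background paragraph mapped to command-line patterns.
# The page gives no exact command lines; these common forms are assumptions.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\b.*\bdelete\s+shadows"
        r"|win32_shadowcopy.*(\.delete\(\)|remove-wmiobject|remove-ciminstance)", re.I),
    "defender_realtime_off": re.compile(
        r"set-mppreference\b.*-disablerealtimemonitoring\s+(\$true|1)\b", re.I),
    "service_stop": re.compile(
        r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+stop|stop-service)\b", re.I),
}
DELETE_VERB = re.compile(r"\bremove-item\b|\bdel\b", re.I)

def classify(event):
    """Return the behaviour tags matched by one process-creation event."""
    cmd = event["cmd"]
    tags = {name for name, rx in RULES.items() if rx.search(cmd)}
    # Self-deletion: PowerShell is asked to delete the image that spawned it.
    parent = event["parent"].lower()
    if parent and "powershell" in cmd.lower() and DELETE_VERB.search(cmd) \
            and parent in cmd.lower():
        tags.add("self_delete")
    return tags

def correlate(events, threshold=2):
    """Report (host, parent image) pairs showing >= threshold distinct behaviours.

    A single service stop is routine administration; the combination is not."""
    seen = defaultdict(set)
    for ev in events:
        seen[(ev["host"], ev["parent"])] |= classify(ev)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

# Constructed sample events (hypothetical hosts, paths and service names).
SAMPLE_IMAGE = r"C:\Users\Public\sample.exe"
EVENTS = [
    {"host": "WS01", "parent": SAMPLE_IMAGE, "cmd": "net stop ExampleBackupSvc /y"},
    {"host": "WS01", "parent": SAMPLE_IMAGE,
     "cmd": "powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "WS01", "parent": SAMPLE_IMAGE, "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS01", "parent": SAMPLE_IMAGE,
     "cmd": f'powershell.exe -Command Remove-Item "{SAMPLE_IMAGE}"'},
    {"host": "SRV02", "parent": r"C:\Windows\System32\cmd.exe", "cmd": "net stop Spooler"},
]

if __name__ == "__main__":
    for key, tags in correlate(EVENTS).items():
        print(key, tags)
```

Requiring at least two distinct behaviours from the same parent image keeps a lone service stop by an administrator from raising an alert.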