A new variant of ransomware has been discovered by security experts. It appends the .mtogas file extension to encrypted files. This ransomware reaches computers running Windows through spam emails, malicious software or manual installation of the ransomware. Here’s everything you need to know about this ransomware, how to remove ‘Mtogas ransomware virus’ and how to restore (decrypt) encrypted documents, photos and music for free.
The Mtogas file virus is a new ransomware that is designed to get onto the user’s machine and block files such as web application-related files, drawings, documents, video materials, databases, photos and archives by using a complex digital algorithm. In case of infection with this crypto virus, the user will not be able to decrypt files on his own, even by renaming them. Mtogas encrypts almost all files, including common types such as:
.cas, .pdd, .icxs, .litemod, .bay, .doc, .wps, .mrwref, .r3d, .wb2, .slm, .wdp, .upk, .mddata, .xxx, .wsc, .wmv, .ncf, .iwd, .vtf, .sr2, .rofl, .ws, .sql, .wbmp, .hkdb, .ztmp, .sie, .sum, .arch00, .sb, .apk, .xdb, .map, .xlk, .wma, .ai, .wma, .odp, .z3d, .m3u, .xbplate, .odm, .nrw, .py, .wpd, .gdb, .wp6, .snx, .d3dbsp, .flv, .wcf, wallet, .yml, .3ds, .xmind, .bkp, .0, .zi, .xyw, .odt, .vpp_pc, .xlsm, .pak, .mov, .bar, .w3x, .pem, .hplg, .3dm, .cfr, .wbz, .blob, .xbdoc, .xml, .jpe, .bik, .mdb, .xmmap, .crw, .dba, .bc7, .xdl, .cdr, .jpeg, .pptx, .fsh, .sav, .wav, .bc6, .tor, .xls, .wp4, .pkpass, .syncdb, .xy3, .rb, .xlgc, .wpa, .docx, .epk, .itl, .js, .wpl, .hvpl, .wsd, .txt, .lbf, .orf, .re4, .lvl, .wn, .db0, .z, .p12, .xlsb, .y, .xlsx, .big, .qic, .x, .indd, .p7c, .crt, .css, .wmv, .zdb, .rw2, .esm, .dcr, .wbd, .qdf, .3fr, .der, .ods, .xf, .zabw, .psk, .2bp, .ybk, .asset, .wpt, .wotreplay, .wpe, .xx, .wp7, .wsh, .xll, .mdbackup, .dazip, .iwi, .wpd, .bkf, .wbm, .dxg, .wpw, .ptx, .kdc, .dbf, .xwp, .ntl, .1st, .das, .itm, .webdoc, .xyp, .avi, .hkx, .sidn, .1, .vdf, .t13, .xar, .zip, .erf, .x3f, .odc, .wgz, .cer, .pfx, .raf, .webp, .p7b, .ff, .jpg, .sidd, .ibank, .wbk, .lrf, .vfs0, .wpg, .wmo, .docm, .dwg, .mp4, .xld, .wmd, .dng, .wps, .ppt, .rim, .pptm, .pef, .sid, .forge, .srf, .arw, .accdb, .mef, .zdc, .desc, .kdb, .xls, .zw, .wp, .zif, .csv
The Mtogas ransomware locks up users’ files using a complex digital algorithm, overwrites most of the content of the original files with the encrypted data and appends the .mtogas extension to each encrypted file. A user who sees files with the .mtogas extension understands that they are locked and will remain so until he pays the attackers the required amount of money for a special key that will restore the files. Usually, the authors of Mtogas leave a ransom note named ‘_readme.txt’ for users whose computers have been infected with this ransomware virus, indicating the required amount of ransom.
Threat Summary
Name | Mtogas |
Type | Crypto virus, File locker, Ransomware, Crypto malware, Filecoder |
Encrypted files extension | .mtogas |
Ransom note | _readme.txt |
Contact | gorentos@bitmessage.ch |
Ransom amount | $490/$980 in Bitcoins |
Symptoms | Encrypted files. Files are encrypted with a .mtogas file extension. Files named ‘_readme.txt’ or ‘_readme’ appear in each folder with at least one encrypted file. |
Distribution ways | Malicious links in emails. Drive-by downloading (when a user unknowingly visits an infected webpage and then malicious software is installed without the user’s knowledge). Social media posts (they can be used to trick users to download malware with a built-in ransomware downloader or click a suspicious link). Torrent web sites. |
Removal | To remove Mtogas ransomware use the removal guide |
Decryption | To decrypt Mtogas ransomware use the steps |
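The symptoms in the table above (an appended .mtogas extension and a ‘_readme.txt’ or ‘_readme’ note in affected folders) can be turned into a read-only inventory of what was hit before any cleanup or restore is attempted. This Python sketch is an added example, not part of the original guide or of any tool it mentions; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".mtogas"                  # extension named on this page
NOTE_NAMES = {"_readme.txt", "_readme"}    # ransom note names named on this page

def inventory(root):
    """Read-only walk of root; returns {relative folder: {"originals", "note"}}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        originals, note = [], False
        for name in files:
            lower = name.lower()
            if lower in NOTE_NAMES:
                note = True
            elif lower.endswith(ENCRYPTED_EXT):
                # The extension is appended, so stripping it gives the original name.
                originals.append(name[: -len(ENCRYPTED_EXT)])
        if originals or note:
            rel = os.path.relpath(folder, root)
            report[rel] = {"originals": sorted(originals), "note": note}
    return report

def restore_list(report):
    """Original relative paths to look for in backups or shadow copies."""
    return sorted(os.path.join(folder, name)
                  for folder, entry in report.items() for name in entry["originals"])

def by_original_type(report):
    """Count encrypted files per original extension, to prioritise recovery."""
    return dict(Counter(os.path.splitext(n)[1].lower()
                        for e in report.values() for n in e["originals"]))

def build_sample(root):
    """Constructed sample tree: two affected folders and one clean folder."""
    layout = {
        "Documents": ["report.docx.mtogas", "budget.xlsx.mtogas", "_readme.txt"],
        "Pictures": ["holiday.jpg.mtogas", "_readme.txt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"constructed sample data")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found = inventory(tmp)
        print(restore_list(found))
        print(by_original_type(found))
```

Pointing `inventory()` at a real profile or data drive instead of the sample tree gives the list of original paths to check against backups; the script only reads directory listings and never opens or modifies the files.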
After reading this blog post, you will know how to deal with the Mtogas virus. It is important to remember that we cannot guarantee an absolute solution to all your Mtogas virus problems. We can recommend a solution that might help. Nevertheless, this way is worth your attention because there is still a possibility that it will allow you to remove Mtogas and unlock files that have been locked by the crypto malware.
Quick links
- How to remove Mtogas ransomware virus
- How to decrypt .mtogas files
- Mtogas decryption tool
- How to restore .mtogas files
- How to protect your personal computer from Mtogas ransomware?
How to remove Mtogas ransomware virus
We can help you delete Mtogas ransomware, without the need to take your system to a professional. Simply follow the removal guidance below if you currently have the crypto virus on your system and want to remove it. If you’ve any difficulty while trying to uninstall the ransomware virus, feel free to ask for our help in the comment section below. Read this manual carefully, bookmark or print it, because you may need to shut down your browser or restart your PC system.
Use Zemana Free to remove Mtogas ransomware
Zemana Anti-Malware (ZAM) is a free malware removal utility. Currently, there are two versions of the program: one is free and the second is paid (premium). The principal difference between the free and paid versions of the tool is the real-time protection module. If you just need to check your machine for malicious software and remove Mtogas crypto virus related folders, files and registry keys, then the free version will be enough for you.
Zemana Anti-Malware can be downloaded from the following link. Save it on your Windows desktop or in any other place.
164034 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
Once downloading is complete, close all apps and windows on your system. Double-click the setup file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as displayed in the figure below, click the “Yes” button.
It will open the “Setup wizard” which will help you set up Zemana Free on your machine. Follow the prompts and don’t make any changes to default settings.
Once install is done successfully, Zemana will automatically start and you can see its main screen as displayed in the figure below.
Now click the “Scan” button to perform a system scan for the Mtogas virus and other kinds of potential threats like malicious software and trojans. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your personal computer. While the Zemana application is checking, you can see how many objects it has identified as threats.
When Zemana Anti-Malware (ZAM) has finished scanning your system, a list of all items found is prepared. Once you have selected what you want to delete from your personal computer click “Next” button. The Zemana Free will begin to delete Mtogas ransomware virus and other security threats. When that process is finished, you may be prompted to reboot the computer.
How to automatically remove Mtogas with MalwareBytes
Manual Mtogas virus removal requires some computer skills. Some files and registry entries created by the crypto malware may not be completely removed. We recommend that you use MalwareBytes Free, which can completely free your system of crypto malware. Moreover, this free application will allow you to remove malware, potentially unwanted programs, adware and toolbars that your computer may also be infected with.
Download MalwareBytes Anti-Malware on your computer by clicking on the link below.
326387 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
Once downloading is done, run it and follow the prompts. Once installed, MalwareBytes Free will try to update itself, and when this procedure is done, click the “Scan Now” button to check your system for the Mtogas crypto malware related folders, files and registry keys. During the scan MalwareBytes Anti-Malware (MBAM) will find threats that exist on your PC system. Make sure all items have a ‘checkmark’ and click the “Quarantine Selected” button.
The MalwareBytes Free is a free application that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this malware removal utility, we recommend you to read and follow the guide or the video guide below.
Run KVRT to delete Mtogas crypto virus from the personal computer
KVRT is a free portable application that scans your computer for malware, trojans and ransomware and helps uninstall them easily. Moreover, it will also allow you to delete any harmful internet browser extensions and add-ons.
Download Kaspersky virus removal tool (KVRT) from the following link. Save it on your MS Windows desktop.
129057 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the download is done, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is complete, you will see the KVRT screen similar to the one below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press the Start scan button. Kaspersky virus removal tool will begin scanning the whole PC to find the Mtogas ransomware virus and other malware. This task can take quite a while, so please be patient. During the scan KVRT will find threats present on your personal computer.
When KVRT is finished scanning your computer, KVRT will produce a list of unwanted applications and crypto malware as shown on the image below.
You may remove items (move to Quarantine) by simply pressing Continue to begin a cleaning task.
How to decrypt .mtogas files
You can damage documents, photos and music affected by the Mtogas crypto virus, or make them useless forever, if you try to find the private key on your own, which is almost impossible in view of its cryptographic complexity. It is very important to know and understand the importance of constantly backing up important files to various media, like a USB stick, so that in case of damage to your system by malware you can always extract a copy of locked files.
Never pay the ransom! A victim who pays the ransom to the attackers cannot be completely sure of obtaining a private key, because he is dealing with unscrupulous and dishonest people who are ready to commit any immoral actions, including hiding after receiving the money from the victim and not providing a decryption utility (key) to unlock encrypted files.
The Mtogas ransomware is not the only one of its kind. For some of them, cyber security experts have already created methods to restore access to blocked documents, photos and music. This gives hope that a Mtogas decryption tool can be made for this crypto virus as well. However, since each case of encryption is unique, the victim should seek help and provide an identifier that will give the opportunity to get the special code key and decryption utility.
Mtogas decryption tool
With some variants of Mtogas virus, it is possible to decrypt encrypted files using free tools listed below.
Michael Gillespie (@) released the Mtogas decryption tool named STOPDecrypter. It can decrypt .Mtogas files if they were locked by one of the known OFFLINE KEYs retrieved by Michael Gillespie. Please check the twitter post for more info.
STOPDecrypter is a program that can be used for Mtogas files decryption. One of the biggest advantages of using STOPDecrypter is that it is free and easy to use. Also, it constantly keeps updating its ‘OFFLINE KEYs’ DB. Let’s see how to install STOPDecrypter and decrypt .Mtogas files using this free tool.
- Installing STOPDecrypter is simple. First, download STOPDecrypter to your Windows Desktop from the following link.
download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
- After the downloading process is done, close all applications and windows on your machine. Open the file location. Right-click on the icon that’s named STOPDecrypter.zip.
- Further, select ‘Extract all’ and follow the prompts.
- Once the extraction process is finished, right-click on STOPDecrypter and choose ‘Run as Administrator’. Select Directory and press the Decrypt button.
If STOPDecrypter does not help you to decrypt .Mtogas files, in some cases, you have a chance to restore your files, which were encrypted by ransomware. This is possible due to the use of the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.
How to restore .mtogas files
In some cases, you can recover files encrypted by the Mtogas crypto virus. Try both methods. It is important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.
Use shadow copies to recover .mtogas files
An alternative is to recover .mtogas files from their Shadow Copies. The Shadow Volume Copies are copies of files and folders that MS Windows 10 (8, 7 and Vista) automatically saved as part of system protection. This feature is fantastic at rescuing personal files that were locked by Mtogas ransomware. The tutorial below will give you all the details.
Please go to the following link to download ShadowExplorer. Save it on your Microsoft Windows desktop.
438676 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After downloading is done, open the directory in which you saved it. Right-click on ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as shown in the following example.
Double-click ShadowExplorerPortable to start it. You will see a window as shown in the following example.
In the top left corner, select the drive where encrypted documents, photos and music are stored and the latest restore point, as on the image below (1 – drive, 2 – restore point).
In the right panel, look for a file that you wish to restore, right-click on it and select Export as displayed on the image below.
Use PhotoRec to recover .mtogas files
Before a file is encrypted, the Mtogas crypto malware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file recovery applications like PhotoRec.
Download PhotoRec by clicking on the following link. Save it directly to your Microsoft Windows Desktop.
Once downloading is done, open the directory in which you saved it. Right-click on testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as displayed below.
Double-click on qphotorec_win to run PhotoRec for Windows. It’ll open a screen as displayed in the following example.
Choose a drive to recover such as the one below.
You will see a list of available partitions. Select a partition that holds encrypted personal files as shown in the figure below.
Click the File Formats button and specify file types to restore. You can enable or disable the recovery of certain file types. When this is done, click the OK button.
Next, click the Browse button to choose where restored files should be written, then click Search.
The count of recovered files is updated in real time. All restored files are written to the folder that you selected in the previous step. You can access the files even if the recovery process is not finished.
When the recovery is complete, click the Quit button. Next, open the directory where restored personal files are stored. You will see contents like those on the image below.
All recovered personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can sort your recovered files by extension and/or date/time.
How to protect your personal computer from Mtogas ransomware?
Most antivirus applications already have a built-in protection system against crypto malware. Therefore, if your computer does not have an antivirus program, make sure you install one. As extra protection, run HitmanPro.Alert.
Use HitmanPro.Alert to protect your system from Mtogas ransomware
HitmanPro.Alert is a small security tool. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
First, visit the page linked below, then press the ‘Download’ button in order to download the latest version of HitmanPro Alert.
After the downloading process is finished, open the directory in which you saved it. You will see an icon like below.
Double-click the HitmanPro Alert desktop icon. When the tool is launched, you’ll see a window where you can select a level of protection, like below.
Now click the Install button to activate the protection.
Final words
Once you have completed the step-by-step guide shown above, your personal computer should be clean from Mtogas crypto malware and other malware. Your system will no longer encrypt your personal files. Unfortunately, if these few simple steps do not help you, then you have caught a new variant of the crypto virus, and the best way is to ask for help here.