HOMETHREATSMoisha Ransomware
MALWARE FAMILY💰 FINANCIALHIGH

Moisha Ransomware

Internal ID: win.moisha
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Moisha is a .NET-based ransomware that employs double extortion techniques to encrypt and exfiltrate data from victims. Upon execution, it creates a global mutex to ensure only one instance of the malware runs on the affected system. It then stops services such as backup and antivirus to avoid interference during the encryption process. Moisha disables real-time protection in Microsoft Defender and removes shadow copies using PowerShell and Vssadmin. It encrypts files on the system using RSA and AES encryption algorithms and places a ransom note in the affected directory. The note instructs victims to contact the attackers via a Moisha ID on TOX Messenger to negotiate the ransom. Additionally, Moisha spreads to other machines on the network and self-deletes using PowerShell command line.

Threat Analysis

Moisha Ransomware is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Financially motivated threat actors like Moisha Ransomware prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Moisha Ransomware is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeMalware Family
Motivation💰 financial
Sophisticationhigh
Aliases1

Also Known As

win.moisha

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Moisha Ransomware — Malware Family | Threat Intelligence | CTIWATCH.COM