Anonymous1

My files have been encrypted by .mosk ransomware

My laptop has been infected by .mosk ransomware and I am not able to recover my files using the decryptor. I have got two IDs of ransomware:-

ID1:-  0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOt1

ID2:-  0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR

I have attached both readme.text files with both IDs. Please help me to decrypt my files. I have restored some files from my hard disk backup and want to recover my remaining 30GB data.

_readme.txt _readme.txt smooth-muscle.jpg.mosk

We have identified "STOP (Djvu)". This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by:

  • sample_extension: .mosk
  • sample_bytes: [0x1C8F - 0x1CA9] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
  • ransomnote_email: [email protected]

Case number: 858a6fa5cdd735b9f4c9001d42381624841d2fe01575916172

Unfortunately, this is a newer variant of mosk that changed the way they produce encryption keys. Therefore we are not able to decrypt your files. I suggest that you back up all the encrypted files, in case we or another security are able to crack this version and issue a working decrypter for this variant.

I have backed up my files. Hope in the future the decryptor will be able to recover my files. But I am to see two IDs one is online and other is offline. So what are the chances of recovering the files in the future if you have an online ID?

1 hour ago, Anonymous1 said:

But I am to see two IDs one is online and other is offline.

There are instances where the ransomware will mistakenly use more than one ID on a computer, for instance when it can't connect to its command and control servers when it starts encrypting files and starts off with an offline ID and key but later is able to connect and get an online ID and a random public key to encrypt files with. If this is the case you may have some files that will be recoverable once we are able to find the private key for files with an offline ID for this variant of STOP/Djvu.

 

1 hour ago, Anonymous1 said:

So what are the chances of recovering the files in the future if you have an online ID?

It uses a secure enough form of encryption that the only way we'd be able to decrypt files is with the private keys that are on the servers operated by the criminals (there's a small chance of someone finding a security vulnerability to exploit for decryption, but the odds are extremely low). The best chance is probably that law enforcement (working with Anti-Virus and security analysis firms) will eventually catch the criminals, and release their database of private keys for use in decrypters.
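As an added triage example (not part of the original thread, and not code from the decrypter or from ID Ransomware), the Python sketch below sorts the personal IDs found in ransom notes into offline and online and flags the mixed case described in the reply above. It assumes the publicly documented STOP/Djvu convention that offline IDs end in `t1`, which this thread does not state; the note bodies, the ID-matching heuristic and all function names are constructed for illustration, while the two IDs and the marker bytes are the ones quoted in the posts.

```python
import re

# File marker decoded from the sample_bytes value in the identification post above.
DJVU_MARKER = bytes.fromhex(
    "7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D"
)
# Heuristic (assumption): the personal ID is an unbroken alphanumeric run of 40+ chars.
ID_TOKEN = re.compile(r"\b[A-Za-z0-9]{40,}\b")


def extract_ids(note_text):
    """Return the distinct ID-like tokens found in one ransom note, in order."""
    seen = []
    for token in ID_TOKEN.findall(note_text):
        if token not in seen:
            seen.append(token)
    return seen


def classify_id(personal_id):
    """Assumption: offline IDs end in 't1' (public STOP/Djvu guidance, not from this thread)."""
    return "offline" if personal_id.endswith("t1") else "online"


def has_djvu_marker(data):
    """True if the byte string contains the marker the identification was based on."""
    return DJVU_MARKER in data


def triage(notes):
    """Map every ID seen across the notes to its kind and flag the mixed case."""
    kinds = {pid: classify_id(pid) for note in notes for pid in extract_ids(note)}
    mixed = len(set(kinds.values())) > 1
    return kinds, mixed


# Constructed note bodies; only the two IDs are taken from the first post.
NOTE_A = "Your personal ID:\n0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOt1\n"
NOTE_B = "Your personal ID:\n0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR\n"

if __name__ == "__main__":
    kinds, mixed = triage([NOTE_A, NOTE_B])
    for pid, kind in kinds.items():
        print(f"{kind:8} {pid}")
    print("mixed offline/online IDs:", mixed)
    # Constructed file tail: padding followed by the marker.
    print("marker present:", has_djvu_marker(b"\x00" * 16 + DJVU_MARKER))
```

When both kinds appear, keeping the encrypted files grouped by the note they were found next to preserves the information needed if an offline key for this variant is ever published.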
