Anonymous1 0 Report post Posted December 17, 2019 Hello, Personal ID from decryptor - FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR Personal ID from ransom note - 0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR MAC address : 38-B1-DB-EE-BD-6D Extension - .mosk Please help me in decrypting my files. _readme.txt BYJUs Experience Letter.pdf.mosk Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted December 18, 2019 12 hours ago, Anonymous1 said: Personal ID from decryptor - FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR Personal ID from ransom note - 0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted December 19, 2019 Can you forward my details to Demonslay335? If he is able to find key for my ID. Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted December 19, 2019 13 minutes ago, Anonymous1 said: Can you forward my details to Demonslay335? If he is able to find key for my ID. It's not possible. He may be able to find the public key that was used when encrypting your files, but he doesn't have access to the database of private keys run by the criminals, and decryption isn't possible without the private key. Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted December 19, 2019 Key has been found for .mosk ransomware? Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted December 20, 2019 17 hours ago, Anonymous1 said: Key has been found for .mosk ransomware? You have an online ID. The offline key won't work for your files. Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted December 21, 2019 /Is there any possibility that key will be found for Online ID in future? Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted December 21, 2019 5 minutes ago, Anonymous1 said: /Is there any possibility that key will be found for Online ID in future? There's a possibility that the database of private keys operated by the criminals may be released if law enforcement is able to gain access to it. It's best to keep a backup of your encrypted files in case that does happen at some point. Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted December 21, 2019 How much time it takes generally? Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted December 22, 2019 It can take anywhere from weeks to years. It depends on too many factors to be able to accurately guess how long it will take. Quote Share this post Link to post Share on other sites
Arslan 0 Report post Posted December 23, 2019 Hi, how to recover .mosk files .. Please guide me and help me for how to decrypt files ? Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted December 24, 2019 17 hours ago, Arslan said: Hi, how to recover .mosk files .. Please guide me and help me for how to decrypt files ? This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted January 6 Any updates on the mosk ransomware keys? Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted January 7 23 hours ago, Anonymous1 said: Any updates on the mosk ransomware keys? No, but if there ever is then it will almost certainly be covered on BleepingComputer's news feed:https://www.bleepingcomputer.com/ Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted January 23 Unable to decrypt Old Variant ID: FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR First 5 bytes: D0CF11E0A1 This is the error I am getting when I tried decrypting files. Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted January 24 Have you uploaded file pairs via our submission form? There's an explanation at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted January 24 But my laptop has been encrypted by new STOP/djvu ransomware called mosk and I have tried uploading the file but its shows the error.Check the uploaded image for the same. Download Image Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted January 24 48 minutes ago, Anonymous1 said: But my laptop has been encrypted by new STOP/djvu ransomware called mosk and I have tried uploading the file but its shows the error.Check the uploaded image for the same. The error message you posted from the decrypter says it's an old variant. I'll have to ask about that, and see why it's detecting it as an older variant. Obviously if it's a newer variant, you won't be able to decrypt files if you have an online ID. Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted January 24 Let me know once you have an update. Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted January 25 Right now we think the decrypter is defaulting to saying it's an old variant when it can't connect to our database. Was your Internet connected and working when you ran the decrypter? Quote Share this post Link to post Share on other sites
Anonymous1 0 Report post Posted January 27 My internet was connected and working Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted January 28 On 1/27/2020 at 12:40 AM, Anonymous1 said: My internet was connected and working We've since discovered a bug in the decrypter that caused it to always say it was an Old Variant. This has been fixed in version 1.0.0.4, however please note that this does not effect decryption in any way, and only effects the message the decrypter displays. Quote Share this post Link to post Share on other sites
