Anonymous1 0 Posted December 17, 2019 Report Share Posted December 17, 2019 Hello, Personal ID from decryptor - FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR Personal ID from ransom note - 0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR MAC address : 38-B1-DB-EE-BD-6D Extension - .mosk Please help me in decrypting my files. _readme.txt BYJUs Experience Letter.pdf.mosk Quote Link to post Share on other sites
GT500 853 Posted December 18, 2019 Report Share Posted December 18, 2019 12 hours ago, Anonymous1 said: Personal ID from decryptor - FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR Personal ID from ransom note - 0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Link to post Share on other sites
Anonymous1 0 Posted December 19, 2019 Author Report Share Posted December 19, 2019 Can you forward my details to Demonslay335? If he is able to find key for my ID. Quote Link to post Share on other sites
GT500 853 Posted December 19, 2019 Report Share Posted December 19, 2019 13 minutes ago, Anonymous1 said: Can you forward my details to Demonslay335? If he is able to find key for my ID. It's not possible. He may be able to find the public key that was used when encrypting your files, but he doesn't have access to the database of private keys run by the criminals, and decryption isn't possible without the private key. Quote Link to post Share on other sites
Anonymous1 0 Posted December 19, 2019 Author Report Share Posted December 19, 2019 Key has been found for .mosk ransomware? Quote Link to post Share on other sites
GT500 853 Posted December 20, 2019 Report Share Posted December 20, 2019 17 hours ago, Anonymous1 said: Key has been found for .mosk ransomware? You have an online ID. The offline key won't work for your files. Quote Link to post Share on other sites
Anonymous1 0 Posted December 21, 2019 Author Report Share Posted December 21, 2019 /Is there any possibility that key will be found for Online ID in future? Quote Link to post Share on other sites
GT500 853 Posted December 21, 2019 Report Share Posted December 21, 2019 5 minutes ago, Anonymous1 said: /Is there any possibility that key will be found for Online ID in future? There's a possibility that the database of private keys operated by the criminals may be released if law enforcement is able to gain access to it. It's best to keep a backup of your encrypted files in case that does happen at some point. Quote Link to post Share on other sites
Anonymous1 0 Posted December 21, 2019 Author Report Share Posted December 21, 2019 How much time it takes generally? Quote Link to post Share on other sites
GT500 853 Posted December 22, 2019 Report Share Posted December 22, 2019 It can take anywhere from weeks to years. It depends on too many factors to be able to accurately guess how long it will take. Quote Link to post Share on other sites
Arslan 0 Posted December 23, 2019 Report Share Posted December 23, 2019 Hi, how to recover .mosk files .. Please guide me and help me for how to decrypt files ? Quote Link to post Share on other sites
GT500 853 Posted December 24, 2019 Report Share Posted December 24, 2019 17 hours ago, Arslan said: Hi, how to recover .mosk files .. Please guide me and help me for how to decrypt files ? This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Link to post Share on other sites
Anonymous1 0 Posted January 6, 2020 Author Report Share Posted January 6, 2020 Any updates on the mosk ransomware keys? Quote Link to post Share on other sites
GT500 853 Posted January 7, 2020 Report Share Posted January 7, 2020 23 hours ago, Anonymous1 said: Any updates on the mosk ransomware keys? No, but if there ever is then it will almost certainly be covered on BleepingComputer's news feed:https://www.bleepingcomputer.com/ Quote Link to post Share on other sites
Anonymous1 0 Posted January 23, 2020 Author Report Share Posted January 23, 2020 Unable to decrypt Old Variant ID: FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR First 5 bytes: D0CF11E0A1 This is the error I am getting when I tried decrypting files. Quote Link to post Share on other sites
GT500 853 Posted January 24, 2020 Report Share Posted January 24, 2020 Have you uploaded file pairs via our submission form? There's an explanation at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Link to post Share on other sites
Anonymous1 0 Posted January 24, 2020 Author Report Share Posted January 24, 2020 But my laptop has been encrypted by new STOP/djvu ransomware called mosk and I have tried uploading the file but its shows the error.Check the uploaded image for the same. Quote Link to post Share on other sites
GT500 853 Posted January 24, 2020 Report Share Posted January 24, 2020 48 minutes ago, Anonymous1 said: But my laptop has been encrypted by new STOP/djvu ransomware called mosk and I have tried uploading the file but its shows the error.Check the uploaded image for the same. The error message you posted from the decrypter says it's an old variant. I'll have to ask about that, and see why it's detecting it as an older variant. Obviously if it's a newer variant, you won't be able to decrypt files if you have an online ID. Quote Link to post Share on other sites
Anonymous1 0 Posted January 24, 2020 Author Report Share Posted January 24, 2020 Let me know once you have an update. Quote Link to post Share on other sites
GT500 853 Posted January 25, 2020 Report Share Posted January 25, 2020 Right now we think the decrypter is defaulting to saying it's an old variant when it can't connect to our database. Was your Internet connected and working when you ran the decrypter? Quote Link to post Share on other sites
Anonymous1 0 Posted January 27, 2020 Author Report Share Posted January 27, 2020 My internet was connected and working Quote Link to post Share on other sites
GT500 853 Posted January 28, 2020 Report Share Posted January 28, 2020 On 1/27/2020 at 12:40 AM, Anonymous1 said: My internet was connected and working We've since discovered a bug in the decrypter that caused it to always say it was an Old Variant. This has been fixed in version 1.0.0.4, however please note that this does not effect decryption in any way, and only effects the message the decrypter displays. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.