Anonymous1

My files are encrypted by .mosk ransomware


12 hours ago, Anonymous1 said:

Personal ID from decryptor - FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR

Personal ID from ransom note - 0180jYgs9f6sFCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

13 minutes ago, Anonymous1 said:

Can you forward my details to Demonslay335?

If he is able to find key for my ID.

It's not possible. He may be able to find the public key that was used when encrypting your files, but he doesn't have access to the database of private keys run by the criminals, and decryption isn't possible without the private key.

17 hours ago, Anonymous1 said:

Key has been found for .mosk ransomware?

You have an online ID. The offline key won't work for your files.

5 minutes ago, Anonymous1 said:

Is there any possibility that key will be found for Online ID in future?

There's a possibility that the database of private keys operated by the criminals may be released if law enforcement is able to gain access to it. It's best to keep a backup of your encrypted files in case that does happen at some point.


It can take anywhere from weeks to years. It depends on too many factors to be able to accurately guess how long it will take.

17 hours ago, Arslan said:

Hi, how to recover .mosk files... Please guide me and help me for how to decrypt files?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Unable to decrypt Old Variant ID: FCDFmimNvc8rtxYYEAOKsLgTYOii2ZdLjxH0aOeR
First 5 bytes: D0CF11E0A1

This is the error I am getting when I tried decrypting files.

48 minutes ago, Anonymous1 said:

But my laptop has been encrypted by new STOP/djvu ransomware called mosk and I have tried uploading the file but it shows the error. Check the uploaded image for the same.

The error message you posted from the decrypter says it's an old variant. I'll have to ask about that, and see why it's detecting it as an older variant.

Obviously if it's a newer variant, you won't be able to decrypt files if you have an online ID.


Right now we think the decrypter is defaulting to saying it's an old variant when it can't connect to our database. Was your Internet connected and working when you ran the decrypter?

On 1/27/2020 at 12:40 AM, Anonymous1 said:

My internet was connected and working

We've since discovered a bug in the decrypter that caused it to always say it was an Old Variant. This has been fixed in version 1.0.0.4; however, please note that this does not affect decryption in any way, and only affects the message the decrypter displays.
