MIULER

HELP PLEASE Emsisoft Decryptor .MOST 


10 hours ago, Kevin Zoll said:

I responded to your HelpDesk ticket.

Good morning, friend. I do not understand your answer. If you could help me solve the encryption of my files with the .MOST, I would appreciate it very much, friend.


Let's make sure of what we're dealing with.

 

Please visit the following website and upload both an encrypted file (between 256KB and 2MB in size would be best) and a ransom note simultaneously for proper identification, and send me the information it provides:

 

https://www.emsisoft.com/ransomware-decryption-tools/

 

Please be sure to read the information link on the results page, as to whether we have a decrypter or not, sometimes someone else's decrypter is listed, or other information is available that might be useful for recovery.

 

You might try using undelete software such as Recuva from Piriform, or if your files are very important, it may be worth talking to a company that specializes in negotiating with the criminals that created the ransomware, such as Coveware, at https://www.coveware.com/. They are one of the few companies that do this completely transparently and honestly.

 

If the identification process shows ransomware that is not decryptable, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.

16 hours ago, Kevin Zoll said:

Let's make sure of what we're dealing with.

 

Please visit the following website and upload both an encrypted file (between 256KB and 2MB in size would be best) and a ransom note simultaneously for proper identification, and send me the information it provides:

 

https://www.emsisoft.com/ransomware-decryption-tools/

 

Please be sure to read the information link on the results page, as to whether we have a decrypter or not, sometimes someone else's decrypter is listed, or other information is available that might be useful for recovery.

 

You might try using undelete software such as Recuva from Piriform, or if your files are very important, it may be worth talking to a company that specializes in negotiating with the criminals that created the ransomware, such as Coveware, at https://www.coveware.com/. They are one of the few companies that do this completely transparently and honestly.

 

If the identification process shows ransomware that is not decryptable, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.

Very good morning, friends. Many thanks for your response and all the information. My files are personal things, nothing from the other world. The people who polluted, they have never contacted me for the rescue. There I attach a file (X); let's see if you can help me. Thank you very much.

Attached files:

29595571_2070881122928038_5207987455578683684_n.jpg.mosk
COMODATO.docx.mosk
doc compra v enta.docx.mosk
LISTA DE PRECIOS.xlsx.mosk
OFERTAS DE LA SEMANA.JPG.mosk
PODER ESPECIA.docx.mosk
PRESENTACION.jpg.mosk
Presupuesto mt1.xls.mosk
Presupuesto mt2.xls.mosk
WENDY TONA 29-05-19.pdf.mosk


@MIULER

MOSK is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things. First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup. Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

Why is this important?  The ID of the file(s) is how private encryption keys are identified.  If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s).  However, this is all contingent on us having a matching private encryption key in our database.  The downside of all this is that we are not currently in possession of private encryption keys for the MOSK variant of STOP/DJVU.

NOTE:  We have added Offline IDs for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches the ones in our database, then our decryption tool will be able to decrypt those files.

To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

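An added example, not part of the original thread and not Emsisoft's code, of the ID triage described in the post above: classify each file's ID as Offline or Online by the `t1` suffix, group files by ID (a system may carry several), and check each ID against a key database. The sample IDs, file names and `KNOWN_KEY_IDS` set are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Hypothetical stand-in for a decryptor's key database: IDs with a known private key.
KNOWN_KEY_IDS = {"CONSTRUCTEDaaaaaaaaaaaaaaaaaaaaaaaaaaaaaat1"}

# Constructed sample: (encrypted file, ID recorded for that file).
SAMPLE = [
    ("report.docx.mosk", "CONSTRUCTEDaaaaaaaaaaaaaaaaaaaaaaaaaaaaaat1"),
    ("prices.xlsx.mosk", "CONSTRUCTEDaaaaaaaaaaaaaaaaaaaaaaaaaaaaaat1"),
    ("photo.jpg.mosk", "CONSTRUCTEDbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbt1"),
    ("scan.pdf.mosk", "CONSTRUCTEDccccccccccccccccccccccccccccccQz"),
]

def id_kind(file_id):
    """Rule from the post: an ID ending in 't1' is Offline, anything else Online."""
    return "offline" if file_id.strip().endswith("t1") else "online"

def triage(files, known_ids=KNOWN_KEY_IDS):
    """Group files by ID; a system can carry several IDs, so report each one."""
    counts = Counter(file_id.strip() for _, file_id in files)
    report = {}
    for file_id, n in counts.items():
        kind = id_kind(file_id)
        if file_id in known_ids:
            status = "decryptable: matching private key is in the database"
        elif kind == "offline":
            status = "no key yet: recheck when new offline keys are added"
        else:
            status = "no key: key pair was generated on the operators' server"
        report[file_id] = {"kind": kind, "files": n, "status": status}
    return report

def decryptable_files(files, known_ids=KNOWN_KEY_IDS):
    """Names of the files whose ID has a matching key in the database."""
    return [name for name, file_id in files if file_id.strip() in known_ids]

if __name__ == "__main__":
    for file_id, info in triage(SAMPLE).items():
        print(f"...{file_id[-6:]}  {info['kind']:<7} "
              f"files={info['files']}  {info['status']}")
```
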
3 minutes ago, cybermetric said:

Kevin:

The .mosk offline/private key was added to the Emsisoft server some time ago, according to Demonslay.

 

That key is only for a specific ID.  Until he runs the decrypter we have no idea if the files are decryptable or not.

My reply also says that we have added offline keys over the past few days.

1 hour ago, Kevin Zoll said:

NOTE:  We have added Offline IDs for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches the ones in our database, then our decryption tool will be able to decrypt those files.

 


The STOP ransomware variant with the .mosk extension was active in November 2019. This may not be new.

Look at the list of "Hot STOP" with numbers and versions.

Look at the date of all STOP Ransomware variants.

Another thing is that the user did not upload the _readme.txt so that the ID could be seen. 

8 hours ago, Amigo-A said:

Hello @MIULER

Now attach only _readme.txt file to your message. Do not change anything in text.

ok friend but I don't understand how you can help me please

19 hours ago, Kevin Zoll said:

@MIULER

MOSK is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things. First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup. Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

Why is this important?  The ID of the file(s) is how private encryption keys are identified.  If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s).  However, this is all contingent on us having a matching private encryption key in our database.  The downside of all this is that we are not currently in possession of private encryption keys for the MOSK variant of STOP/DJVU.

NOTE:  We have added Offline IDs for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches the ones in our database, then our decryption tool will be able to decrypt those files.

To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

 


OK friend
very grateful I go to the link
and I'll make the stop
How are you doing?
and I will inform you

 

5 hours ago, MIULER said:

I don't understand how you can help me please

We need to see what is in the note to tell you what to do next.

1 hour ago, Amigo-A said:

We need to see what is in the note to tell you what to do next.

some are legal document formats (Word)
txt are keys and mail users


Your personal files are not needed.

File _readme.txt is a ransom note if you have been affected by a STOP Ransomware.

