Kc34

Encryrpted file extension with .mool

Recommended Posts

hello,

I have a big problem in all my files

No key for New Variant offline ID: uvEETK84RPC0Q5icp67CP746LJaCJuwq2tG9Kjt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

I am so sad about that my all data has been encrypted even please help me .

 

And all files extension are now .mool

Share this post


Link to post
Share on other sites
1 hour ago, Kc34 said:

No key for New Variant offline ID: uvEETK84RPC0Q5icp67CP746LJaCJuwq2tG9Kjt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

We don't have the private key for this offline ID yet. I recommend running the decrypter once every week or two so that you can see when we do get a hold of it and add it to our database.

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

We don't have the private key for this offline ID yet. I recommend running the decrypter once every week or two so that you can see when we do get a hold of it and add it to our database.

how to add to your database

Share this post


Link to post
Share on other sites

Hello @Kc34

This is the result of STOP Ransomware attack that has been attacking computers around the world for several years.
Demonslay335 and Emsisoft are working on decrypting various variants of this ransomware.

Thet variants are a lot of them, you can familiarize yourself with the list of versions with different extensions.
You can find multiple posts with a similar problem on this forum to find out how many similar cases.

Quote

uvEETK84RPC0Q5icp67CP746LJaCJuwq2tG9Kjt1

It seems that your case still has hope for decryption when a decryption key will added to the decryptor.

You also need to check the PC and make sure. that the malware is not in the system.
https://www.emsisoft.com/en/business/eek/

Otherwise, the files may be re-encrypted with a different key.
This is very important to do as quickly as possible.

 

 

Share this post


Link to post
Share on other sites
22 hours ago, Kc34 said:

how to add to your database

We add keys to our database when we're able to find them.

Share this post


Link to post
Share on other sites

Hello @Mücahit Erdem,

 

Welcome to the Emsisoft Support Forums.

 

General Notes With Regards to STOP/DJVU

 

  1. Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.
  2. What does "Remote name could not be resolved" mean?  It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link:https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default
  3. If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted.  That is not an error message.
  4. If your files have an Online ID that means that the files encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files.  We do not have access to those keys.
  5. If your files have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database.  Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.
  6. Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.
  7. New Variant STOP/DJVU utilizes both the RSA and Salsa20 encryption algorithms.  Both RSA and Salsa20 are considered secure encryption methods and are unbreakable using current technologies. They are not reversible, cannot be cracked, and we are not able to generate a decryption key.  So do not send us encrypted files thinking we can recover your decryption key, we can't.
  8. Old Variant STOP/DJVU.  If our decryption tool cannot decrypt the files, submit file pairs to https://decrypter.emsisoft.com/submit/stopdjvu/
  9. Old Variant STOP/DJVU.  The decrypter can't decrypt all of my pictures even though I submitted file pairs for them? JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from.

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.