CoolKaushik01

.MZLQ Ransomeware with online key

By CoolKaushik01, in Help, my files are encrypted!

Recommended Posts

CoolKaushik01    1

CoolKaushik01
Posted

Need any option to decrypt files which are encrypted with .mzlq extension and while using emsisoft came to know that it is encrypted with online key. So need help to decrypt the files. Very urgent.

  • Upvote 1

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
5 hours ago, CoolKaushik01 said:

Need any option to decrypt files which are encrypted with .mzlq extension and while using emsisoft came to know that it is encrypted with online key. So need help to decrypt the files. Very urgent.

This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

Raj052    0

Raj052
Posted

I found the key to my mzlq malware. But how do I decrypt now? Is there any software which can do this?

Thank you,

Prithvi Raj

 

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
19 hours ago, Raj052 said:

I found the key to my mzlq malware. But how do I decrypt now? Is there any software which can do this?

If you found a key, then it was a public key and not a private key, which means it can't help you decrypt your files.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

Saadi    0

Saadi
Posted

I'm struggling here with . mzlq files as well 😞 I hope you guys can assist, I'll pay for the decryption. 

Share this post

Link to post
Share on other sites

Saadi    0

Saadi
Posted
1 hour ago, GT500 said:

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

If I backup my encrypted files as they are, to access them at another time in the event of a decryptor being available, will the files not infect my new machine from the backup? Also will it be safe to back them up on an external hard drive without infecting the current files on there?

Please advise.

Thank you so much!

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
17 hours ago, Saadi said:

If I backup my encrypted files as they are, to access them at another time in the event of a decryptor being available, will the files not infect my new machine from the backup?

No. Your files aren't infected, they're just encrypted.

 

17 hours ago, Saadi said:

Also will it be safe to back them up on an external hard drive without infecting the current files on there?

As long as you've removed the ransomware from your computer, then yes it's safe. Most Anti-Virus software can detect STOP/Djvu, and it's easy to remove, but if you don't already have something to scan for infections you can use Emsisoft Emergency Kit:
https://www.emsisoft.com/en/home/emergencykit/

Share this post

Link to post
Share on other sites

Adriel    0

Adriel
Posted

I’m facing the same problem with .mzlq files and this is online ID. 

Please tell me the truth, will I ever be able to recover my files again because I have already tried most of the softwares available on the internet.

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
6 hours ago, Adriel said:

Please tell me the truth, will I ever be able to recover my files again because I have already tried most of the softwares available on the internet.

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

Share this post

Link to post
Share on other sites

Adriel    0

Adriel
Posted

This is really bad. Some files are really important for me because those have my mother’s pictures and videos, who is no more in this world... And I don’t have any backup. I never thought this will happen. I can’t live without those memories...😭

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
On 5/17/2020 at 9:36 AM, Adriel said:

This is really bad. Some files are really important for me because those have my mother’s pictures and videos, who is no more in this world... And I don’t have any backup. I never thought this will happen. I can’t live without those memories...😭

It may still be possible to decrypt the files some day. Just keep in mind that it won't been soon. The STOP ransomware has been around for a few years, and the Djvu variant has been around for about a year and a half. Whoever is behind it doesn't show any signs of stopping, and law enforcement hasn't arrested them yet, so it may still be some time before we're able to do anything more than we can right now.

Share this post

Link to post
Share on other sites

andon    0

andon
Posted

Hello, according to the information on the Internet I need to have two files, one original and the second encrypted to use https://decrypter.emsisoft.com/submit/stopdjvu/

Is it true that your personal ID: there is t1 at the end of the code is encrypted with an offline key

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
20 hours ago, andon said:

Is it true that your personal ID: there is t1 at the end of the code is encrypted with an offline key

For any variants of STOP/Djvu in the past year, yes.

Share this post

Link to post
Share on other sites

GT500    765

GT500
Posted
22 hours ago, andon said:

if i send you 1 file can you try to decrypt , because i cannot

If the decrypter can't decrypt your files, then we can't either. Anyone with an offline ID for .mzlq will have to wait for us to obtain the private key for that variant's offline ID so that we can add it to our database.

I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.