.MZLQ Ransomeware with online key

[CoolKaushik01 1]

Need any option to decrypt files which are encrypted with .mzlq extension and while using emsisoft came to know that it is encrypted with online key. So need help to decrypt the files. Very urgent.

[GT500 813]

5 hours ago, CoolKaushik01 said:

Need any option to decrypt files which are encrypted with .mzlq extension and while using emsisoft came to know that it is encrypted with online key. So need help to decrypt the files. Very urgent.

This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[Raj052 0]

I found the key to my mzlq malware. But how do I decrypt now? Is there any software which can do this?

Thank you,

Prithvi Raj

 

[Amigo-A 132]

Just attach the _readme.txt file to the message

[GT500 813]

19 hours ago, Raj052 said:

I found the key to my mzlq malware. But how do I decrypt now? Is there any software which can do this?

If you found a key, then it was a public key and not a private key, which means it can't help you decrypt your files.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[Saadi 0]

I'm struggling here with . mzlq files as well 😞 I hope you guys can assist, I'll pay for the decryption. 

[Saadi 0]

This is my _readme.txt file 

Please let me know

_readme.txt

[GT500 813]

23 hours ago, Saadi said:

This is my _readme.txt file 

Please let me know

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[Saadi 0]

1 hour ago, GT500 said:

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

If I backup my encrypted files as they are, to access them at another time in the event of a decryptor being available, will the files not infect my new machine from the backup? Also will it be safe to back them up on an external hard drive without infecting the current files on there?

Please advise.

Thank you so much!

[GT500 813]

17 hours ago, Saadi said:

If I backup my encrypted files as they are, to access them at another time in the event of a decryptor being available, will the files not infect my new machine from the backup?

No. Your files aren't infected, they're just encrypted.

 

17 hours ago, Saadi said:

Also will it be safe to back them up on an external hard drive without infecting the current files on there?

As long as you've removed the ransomware from your computer, then yes it's safe. Most Anti-Virus software can detect STOP/Djvu, and it's easy to remove, but if you don't already have something to scan for infections you can use Emsisoft Emergency Kit:
https://www.emsisoft.com/en/home/emergencykit/

[Adriel 0]

I’m facing the same problem with .mzlq files and this is online ID. 

Please tell me the truth, will I ever be able to recover my files again because I have already tried most of the softwares available on the internet.

[GT500 813]

6 hours ago, Adriel said:

Please tell me the truth, will I ever be able to recover my files again because I have already tried most of the softwares available on the internet.

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

[Adriel 0]

This is really bad. Some files are really important for me because those have my mother’s pictures and videos, who is no more in this world... And I don’t have any backup. I never thought this will happen. I can’t live without those memories...😭

[GT500 813]

On 5/17/2020 at 9:36 AM, Adriel said:

This is really bad. Some files are really important for me because those have my mother’s pictures and videos, who is no more in this world... And I don’t have any backup. I never thought this will happen. I can’t live without those memories...😭

It may still be possible to decrypt the files some day. Just keep in mind that it won't been soon. The STOP ransomware has been around for a few years, and the Djvu variant has been around for about a year and a half. Whoever is behind it doesn't show any signs of stopping, and law enforcement hasn't arrested them yet, so it may still be some time before we're able to do anything more than we can right now.

[andon 0]

Hello, according to the information on the Internet I need to have two files, one original and the second encrypted to use https://decrypter.emsisoft.com/submit/stopdjvu/

Is it true that your personal ID: there is t1 at the end of the code is encrypted with an offline key

[andon 0]

Link removed.

i take information from this web site

Edited June 10 by GT500
Removed link.

[Amigo-A 132]

@andon  Here is the official help link from Emsisoft staff.

 

[GT500 813]

20 hours ago, andon said:

Is it true that your personal ID: there is t1 at the end of the code is encrypted with an offline key

For any variants of STOP/Djvu in the past year, yes.

[andon 0]

if i send you 1 file can you try to decrypt , because i cannot

[GT500 813]

22 hours ago, andon said:

if i send you 1 file can you try to decrypt , because i cannot

If the decrypter can't decrypt your files, then we can't either. Anyone with an offline ID for .mzlq will have to wait for us to obtain the private key for that variant's offline ID so that we can add it to our database.

I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[ElSaFeR 0]

i have the same problem but with .zida extension with personal ID:
0238yjnkjddrtp1EKGvS1O0qLUgSxNEHk7I9nO5py3pOy6dSQEXmr

is it possible for decryption or not yet

+ i have some original unencrypted files for the encrypted files , can it help? 

 

 

[GT500 813]

3 hours ago, ElSaFeR said:

i have the same problem but with .zida extension with personal ID:
0238yjnkjddrtp1EKGvS1O0qLUgSxNEHk7I9nO5py3pOy6dSQEXmr

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

3 hours ago, ElSaFeR said:

i have some original unencrypted files for the encrypted files , can it help? 

Newer variants of the STOP/Djvu ransomware use RSA keys, which are impervious to most forms of attack.

[tenpaz 0]

On 5/17/2020 at 7:06 PM, Adriel said:

This is really bad. Some files are really important for me because those have my mother’s pictures and videos, who is no more in this world... And I don’t have any backup. I never thought this will happen. I can’t live without those memories...😭

any luck?