Jump to content

seltrers

Slobodan Stanković
 Share Followers 1

Recommended Posts

GT500

GT500 853

Posted
Posted

.moka was known to have been a variant of STOP/Djvu first seen on September 5th, 2019. Without more information I can't say for certain if that's what your files were encrypted by, however we do have a decrypter for it that will work for some victims. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
9 hours ago, Slobodan Stanković said:

Say: Notice: this ID appears to be an online ID, decryption is impossible

Then decryption is impossible. At least it's impossible without the private key for your ID, and only the criminals have that.

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
16 hours ago, Slobodan Stanković said:

Is there any hope of making a decryptor for extensions.moka and repl?
I don't want to pay a penny to criminals.

We already have a decrypter, but it isn't actually possible to decrypt files that have been encrypted by newer versions of STOP/Djvu without having the private keys for the files, and only the criminals have access to the private keys.

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
17 hours ago, Slobodan Stanković said:

Does that mean you have a decryptor for .moka extension and you don't have a .repl?

We have a decrypter for STOP/Djvu, and bother .moka and .repl are variants of STOP/Djvu. Decryption is only possible for files that have offline ID's, and only once we've been given the private key by a victim with an offline ID who has pair the ransom.

It's impossible to decrypt files that have online ID's.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

Zdravo Slobodan

I recommend leaving for the future. Sometimes malware and ransomware distributors shut down their projects and release keys so they can be applied. There is only a 1-2 out of 100 chance that this will happen, but it is not 0. 

 

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
19 hours ago, Slobodan Stanković said:

for files that are infected with an online ransomware with .moka and .repl extensions, there is no chance that a decryptor will be done and that I can delete them.

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 01/15/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...