Slobodan Stanković, posted July 17, 2020:
I've had a problem with ransomware with the extension .moka for a year now. Are you building a decryptor for it?

GT500, posted July 18, 2020:
.moka was known to have been a variant of STOP/Djvu first seen on September 5th, 2019. Without more information I can't say for certain if that's what your files were encrypted by, however we do have a decrypter for it that will work for some victims. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Slobodan Stanković, posted July 18, 2020:
The decryptor you suggested cannot remove ransomware with the .moka extension.

GT500, posted July 19, 2020:
What did the decrypter say?

Slobodan Stanković, posted July 20, 2020:
It says: Notice: this ID appears to be an online ID, decryption is impossible

GT500, posted July 21, 2020:
9 hours ago, Slobodan Stanković said: "It says: Notice: this ID appears to be an online ID, decryption is impossible"
Then decryption is impossible. At least it's impossible without the private key for your ID, and only the criminals have that.

Slobodan Stanković, posted July 21, 2020:
Is there any hope of making a decryptor for the extensions .moka and .repl? I don't want to pay a penny to criminals.

GT500, posted July 22, 2020:
16 hours ago, Slobodan Stanković said: "Is there any hope of making a decryptor for the extensions .moka and .repl? I don't want to pay a penny to criminals."
We already have a decrypter, but it isn't actually possible to decrypt files that have been encrypted by newer versions of STOP/Djvu without having the private keys for the files, and only the criminals have access to the private keys.

Slobodan Stanković, posted July 23, 2020:
Does that mean you have a decryptor for the .moka extension and you don't have one for .repl?

GT500, posted July 24, 2020:
17 hours ago, Slobodan Stanković said: "Does that mean you have a decryptor for the .moka extension and you don't have one for .repl?"
We have a decrypter for STOP/Djvu, and both .moka and .repl are variants of STOP/Djvu. Decryption is only possible for files that have offline IDs, and only once we've been given the private key by a victim with an offline ID who has paid the ransom. It's impossible to decrypt files that have online IDs. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Slobodan Stanković, posted July 27, 2020:
Hello, just this and I will not bother you anymore: If I understood you correctly, for files that are infected with an online ransomware with .moka and .repl extensions, there is no chance that a decryptor will be done and that I can delete them.

Amigo-A, posted July 27, 2020:
Hello Slobodan, I recommend leaving them for the future. Sometimes malware and ransomware distributors shut down their projects and release keys so they can be applied. There is only a 1-2 out of 100 chance that this will happen, but it is not 0.

GT500, posted July 28, 2020:
19 hours ago, Slobodan Stanković said: "for files that are infected with an online ransomware with .moka and .repl extensions, there is no chance that a decryptor will be done and that I can delete them."
If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/
If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/