Jump to content

Any news about Maas ransomware

Recommended Posts


1- I learned that "A decryptor tool for ZQ ransomware uses Salsa20 and RSA-1024 algorithms to encrypt victims’ files. is now available for free" created and discovered by a security researcher Michael Gillespie 

released by both Emsisoft and Avast

is that mean that there is hope or chance to decrypt maas ransomware with online id as it uses the same Salsa20 and RSA encryption , or it is impossible at all since the key for decryption is online ID ( owned by criminals' server only )

2- What about these videos I watched on YOUTUBE yesterday ? is there really such tools which can decrypt any type of file ( even if encryption uses online id ) ?

Since you are one of the companies & websites I trust and you are reliable reference , I need your opinion and evaluation about these tools which spread on youtube ( with all respects to all channels and videos on youtube ) .

Thanks a lot

best regards

Edited by GT500
Removed YouTube videos.
Link to post
Share on other sites

Don't trust random videos or articles that you find online for help. They usually get things wrong, and often don't give good advise. For instance, there is no decrypter that can decrypt "any type of file". Stick to advise from experts, and when in doubt make sure your source of information is one of the partners of the NoMoreRansom project as they will be the most likely to have reliable information about ransomware and how to decrypt files.

As for the ransomware that uses the .maas extension, it is more than likely the STOP/Djvu ransomware. It does use Salsa20 encryption, however newer variants (starting near the end of August 2019 and newer) use RSA keys which are impervious to most forms of attacks, and in order to decrypt files that have been encrypted by newer variants of STOP/Djvu (like .maas) we would need the private key for your ID. Unfortunately only the criminals who made/distributed the ransomware have access to the private keys, and we can only decrypt files in those cases if the ransomware was unable to connect to its command and control servers and used an offline ID and public key when encrypting files, and even then we can only decrypt such files after a victim who has an offline ID has paid the ransom and sends us the decrypter the criminals sent them so we can extract the private key.

There is more information at the following link:

Link to post
Share on other sites
18 hours ago, saerdib said:

Sir , if there is any update on my case , please notify me

Unfortunately it won't be possible to notify everyone if there is any news about ways to decrypt/recover files. We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...