Jump to content

A new ransomware with .moia extension attacked my files 2 days ago and its an online id anyone can help?

Recommended Posts

A running Emsisoft Decryptor will most likely tell you that it does not have a key and that decryption is not possible because the encryption key was generated on the ransomware server and transferred to the computer to encrypt the files. It cannot be hacked by listing all the combinations for the entire period of a person's life.

Next, I'll tell you what you should do as soon as possible and how else you can try to get some files back.

What to do? Everything is lost?
If there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times.

Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks.

There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, PCs could have stayed other malware elements. This maybe be an info-stealer, miner, backdoor, and something else. Therefore, it is urgent to conduct a full check and destroy malware.

Use comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.

!!! You need to neutralize all malicious files in the system. This should be done as quickly as possible. 

Link to comment
Share on other sites

Only after neutralizing all malicious files ...

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.


But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office.

An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything...

Link to comment
Share on other sites

6 hours ago, Sami Baloch said:

i have many kind of files most of them are zip.

Drop some zip archives on the file exchange site and give me the link.
If you have files in JPG / JPEG format, you can also send me 1 folder with such files.
I will try to process them with another unpublished (experimental) method. 

  • Like 1
Link to comment
Share on other sites

After patience today i just saved some of my files almost 40% of them which were not effected yet (can be open simply changing the extension) And stored some very important encrypted files too maybe they can be decryptable in future. after removing all ransomware along with other encrypted files i installed a fresh window and scaned it. its better than doing nothing or waiting. now at least my work is on as well. its request to all that please make backup of your important files or make secure your pc for ransomware attack.

thanks for help!

  • Upvote 1
Link to comment
Share on other sites

On 12/3/2021 at 11:29 PM, Amigo-A said:

Drop some zip archives on the file exchange site and give me the link.
If you have files in JPG / JPEG format, you can also send me 1 folder with such files.
I will try to process them with another unpublished (experimental) method. 

Interesting :o can I send some of my encrypted .zip files (.orkf) to you for analyzing and eventually finding solution :rolleyes:.

Link to comment
Share on other sites

  • 2 weeks later...
This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...