Kaspersky
Solved

Is moqs ransomware decryption tool available? [MOVED]


Please help me. My files are encrypted by moqs ransomware. Need to decrypt them.. Does anyone have the solution for it? 

icon

Best answer by Danila T. 28 July 2021, 07:48

Please help me. My files are encrypted by moqs ransomware. Need to decrypt them.. Does anyone have the solution for it? 

Hello,

The files have been encrypted by a modification of Trojan-Ransom.Win32.Stop.
Unfortunately, decryption of the files affected by this malware variant is not possible at the moment.

View original

14 replies

Userlevel 7
Badge +8

@midhoo

Welcome.

Please see this :

https://noransom.kaspersky.com/  (*)

https://support.kaspersky.com/us/14844 

https://www.kaspersky.com/blog/no-no-ransom/13364/ 

https://www.nomoreransom.org/en/decryption-tools.html

https://id-ransomware.malwarehunterteam.com/ 


(*) “Ask for the tech support (only for Kaspersky’s paid products customers)”

 

Also, in a lot of cases files can't be decrypted without the private key that is only known by the attacker.

Please help me. My files are encrypted by moqs ransomware. Need to decrypt them.. Does anyone have the solution for it? 


I also attacked by ransomware, and all my files locked as .moqs extension. Please help us to decrypt it. 

Userlevel 7
Badge +8

@wanra Welcome.Please see the post above your post.

Userlevel 7
Badge +5

Hello,

Do you have the ransomware sample?

Regards

@wanra Welcome.Please see the post above your post.

Hi @Berny, I have checked your previous post, and the steps have been tried before. However, I can not recover all files. Some guideline are also found at YouTube, but they used system restore. And poor for me, about 3 weeks before being attacked, I had turned off the system restore.

Userlevel 7
Badge +8

@wanra Rolling back to a restore point is not a guarantee to get back your files. Restoring  personal data from an external disconnected device on a clean/fresh operating  system is another option.

Hello,

Do you have the ransomware sample?

Regards

Hi @Wesly.Zhang,

Please find the sample as the link below : 
https://drive.google.com/drive/folders/1nfP833vfKxMJyTwTL4HcUV8-87uqfOpO?usp=sharing 
._readme is message of attacker and other is .xlsx file that locked by .moqs extension.

Hope we can get solution, and also all DJVU ransomeware can destroyed
Thanks before

Userlevel 7
Badge +5

Hello,

Do you have the ransomware sample?

Regards

Hi @Wesly.Zhang,

Please find the sample as the link below : 
https://drive.google.com/drive/folders/1nfP833vfKxMJyTwTL4HcUV8-87uqfOpO?usp=sharing 
._readme is message of attacker and other is .xlsx file that locked by .moqs extension.

Hope we can get solution, and also all DJVU ransomeware can destroyed
Thanks before


Hello,

I see this file you have attached in google driver is a infected file ,not ransomware original file (maybe a exe, xls, word file with vba script).

Regards.

 

Hello,

Do you have the ransomware sample?

Regards

Hi @Wesly.Zhang,

Please find the sample as the link below : 
https://drive.google.com/drive/folders/1nfP833vfKxMJyTwTL4HcUV8-87uqfOpO?usp=sharing 
._readme is message of attacker and other is .xlsx file that locked by .moqs extension.

Hope we can get solution, and also all DJVU ransomeware can destroyed
Thanks before


Hello,

I see this file you have attached in google driver is a infected file ,not ransomware original file (maybe a exe, xls, word file with vba script).

Regards.

 

This link contains an original and an infected file. Both are the same file. Hope this helps.https://drive.google.com/drive/folders/1iD_gI-BLISvjxyKMvnGWqNcCJMdiYdus?usp=sharing

Hello,

Do you have the ransomware sample?

Regards

Hi @Wesly.Zhang,

Please find the sample as the link below : 
https://drive.google.com/drive/folders/1nfP833vfKxMJyTwTL4HcUV8-87uqfOpO?usp=sharing 
._readme is message of attacker and other is .xlsx file that locked by .moqs extension.

Hope we can get solution, and also all DJVU ransomeware can destroyed
Thanks before


Hello,

I see this file you have attached in google driver is a infected file ,not ransomware original file (maybe a exe, xls, word file with vba script).

Regards.

 

 

I have the same problem with moqs extension and I still haven't found a solution
Userlevel 7
Badge +6

Please help me. My files are encrypted by moqs ransomware. Need to decrypt them.. Does anyone have the solution for it? 

Hello,

The files have been encrypted by a modification of Trojan-Ransom.Win32.Stop.
Unfortunately, decryption of the files affected by this malware variant is not possible at the moment.

@Wesly.Zhang 
Yes, the files on g.drive are indeed an infected file. I have successfully removed that ransomware. The problems, we can not open the locked files.

Please help me. My files are encrypted by moqs ransomware. Need to decrypt them.. Does anyone have the solution for it? 

Hello,

The files have been encrypted by a modification of Trojan-Ransom.Win32.Stop.
Unfortunately, decryption of the files affected by this malware variant is not possible at the moment.

@Danila T. 

Thanks for your answer. Hope to near future, Kaspersky have the descriptor for this infected files.

Stay safe, stay healthy.
Regards,
wanra

Userlevel 7
Badge +6

@wanra 

If it appears, we will update this topic. 

Reply