Masterkey infected ransomware

My masterkey and vault file infected with STOP (Djvu) ransomware and it has the extension .mmuz, how to fix it?

Hey and welcome to the Cryptomator Community :slightly_smiling_face:,

So in the end, you have now encrypted your files twice. The best way to recover from this is to use a backup of your vault or data inside the vault, have you made one?

I didn’t make the safe twice. vault formed from desktop after update to v1.7 if I remember correctly. So that I have two access namely masterkey and vault.

But the problem is, both files for access (masterkey and vault) are infected with ransomware, so all files have the .mmuz extension. And now I can’t access files encrypted by the cryptomator.

Have you saved a recovery key of the vault somewhere? Password And Recovery Key — Cryptomator 1.6.0 documentation
If indeed only the vault config and the masterkey file were encrypted, you could use it to restore the vault.

You don’t use a cloud that could restore an old state of those files or the complete vault?

Looks like I didn’t generate a recovery key before.

“If indeed only the vault config and the masterkey file were encrypted, you could use it to restore the vault.” Can this be accessed even if the vault and masterkey have the extension .mmuz? Or should I just remove the .mmuz extension?

I think it is encrypted so removing the extension shouldn’t be enough but you can check it, open this file in a file browse, if the file contains just garbage it is encrypted, if it shows a structure similar to this, you can remove the extension and you should be able the unlock the vault again:

       │ File: masterkey.cryptomator
   1   │ {
   2   │   "version": 999,
   3   │   "scryptSalt": "tZgjqx/HeP4=",
   4   │   "scryptCostParam": 32768,
   5   │   "scryptBlockSize": 8,
   6   │   "primaryMasterKey": "WGyygnl+wX5xpIZSPli2tNNaKzw026/Ag4D4FBiIzmipuVgMCxe3+w==",
   7   │   "hmacMasterKey": "ZoiQPF3uKhUjOzFKAbgVRycjkffNupKRLkoKsNjOgdej9n4GPr+Msw==",
   8   │   "versionMac": "8zHqJ3l1e+DMGfnPKoXX379yN34ouLgtoJJPDm9B+BA="
   9   │ }

Thanks, I’ll try. Hope this work.

I managed to restore the masterkey and vault files (screnshot_5). however when I try to open it, the encrypted files don’t show up on the virtual drive (screenshot_6). When I tried to repair the folder whit Directory Check (screenshot_7), it worked and cryptomator created a CRYPTOMATOR RECOVERY folder with the contents of files I didn’t recognize (screenshot_8).


How to fix it?