quietman7

Visiting Expert
  • Content Count

    66
  • Joined

  • Last visited

  • Days Won

    1

quietman7 last won the day on November 4 2020

quietman7 had the most liked content!

Community Reputation

3 Neutral

1 Follower

About quietman7

  • Rank
    Active Member

Profile Information

  • Gender
    Not Telling
  • Location
    Virginia

Recent Profile Visitors

4122 profile views
  1. The .npph extension is a newer variant of STOP (Djvu) Ransomware...decryption of data requires an OFFLINE KEY with corresponding private key. If infected with an ONLINE KEY, decryption is impossible without the victim’s specific private key...these keys are unique for each victim and randomly generated in a secure manner. Emsisoft cannot help decrypt files encrypted with the ONLINE KEY due to the type of encryption used by the criminals and the fact that there is no way to gain access to the criminal's command server and retrieve this KEY.
  2. The OFFLINE KEY is a hard-coded built-in encryption key that is used if the malware failed to get an ONLINE KEY from its command and control servers while you were online at the time the ransomware encrypted your files. If the malware is able to reach its command server it will obtain and use a random ONLINE KEY. ONLINE KEYs are unique for each victim and randomly generated in a secure manner. That means there is no way to decrypt files if infected with an ONLINE KEY without paying the ransom and obtaining the private keys from the criminals who created the ransomware. There is m
  3. New STOP (Djvu) variants are impossible to decrypt without paying the criminals for that victim’s specific private key if infected by an ONLINE KEY...these keys are unique and randomly generated in a secure manner. ONLINE IDs for new STOP (Djvu) variants are not supported by the Emsisoft Decryptor. If infected with an ONLINE ID, the Emsisoft Decryptor will indicate there is "no key" for this variant under the Results Tab and note it is impossible to decrypt. There is more information in the Emsisoft STOP/Djvu Decryptor FAQs.
  4. Are there any obvious file extensions appended to your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Is there an ID number with random hexadecimal characters (.id-A04EBFC2, .id[4D21EF37-2214]) or an ID number with an email address (.id-BCBEF350.[<email>], .id[7A9B748C-1104].[<email>]) preceding the extension? Did you find any ransom notes? If so, what is the actual name of the ransom note? Can you provide (copy & paste) the ransom note contents in your next reply? You can also submit (upload) sample
  5. Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About Ransomware statistics for 2019: Q2 to Q3 report: Most commonly reported ransomware strains
  6. @ dinho As I noted to you (dinho2020) at another security forum site...please do not post active links to possible malware (malicious files), including links which may lead to sites where infections have been contracted and spread. If it is malicious, we don't want other members accidentally clicking on such links and infecting their machines. All such links will be removed to protect other members reading our forum topics.
  7. Unfortunately, there is no known method to decrypt files encrypted by any Phobos Ransomware variants without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.
  8. Ransomware victims should always ensure they are using the correct decryptor tool before attempting to decrypt their files. Using an incorrect or faulty decryptor may damage or further corrupt the encrypted files, thus decreasing your chances for recovering data.
  9. More information is needed to determine specifically (confirm) what infection you are dealing with since there are so many different types of crypto malware (file encrypting ransomware). Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with, the type and strength of encryption used by the malware writers and a variety of other factors as explained here. Did you find any ransom notes and if so, what is the actual name of the ransom note? Can you provide (copy & paste) the ransom note contents? Did the cyber-criminals provide a
  10. The .Adame extension has been used by both Phobos and a Scarab variant. Files encrypted by Phobos will have an <ID>-<id> with 8 random hexadecimal characters>.[<email>] followed by the .Adame extension as explained here by Amigo-A (Andrew Ivanov). <filename>.<extension>.id[F6593DDC-2275].[<email>].Adame <filename>.<extension>.id[70C80B9F-1127].[<email>].Adame <filename>.<extension>.id[AE9AE1C0-2275].[<email>].Adame If it does not have the <ID>-<id> with 8 random hexade
  11. You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) here for Demonslay335 (Michael Gillespie) to archive your information.
  12. Any files encrypted with the .kiratos extension are related to a newer variant of STOP (DJVU) Ransomware. Please read the first page here for a summary of this ransomware, its variants and possible decryption solutions with instructions AND the ***IMPORTANT: @ ALL VICTIMS.... note at the top. "Before asking questions...PLEASE READ these Frequently Asked Questions (FAQs)." You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above topic if STOPDecrypter is unable to decrypt your files so the deve
  13. Any files encrypted with the .kiratos extension are related to a newer variant of STOP (DJVU) Ransomware. Please read the first page here for a summary of this ransomware, its variants and possible decryption solutions with instructions AND the ***IMPORTANT: @ ALL VICTIMS.... note at the top. "Before asking questions...PLEASE READ these Frequently Asked Questions (FAQs)." You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above topic if STOPDecrypter is unable to decrypt your files so the deve
  14. Any files encrypted with the .hrosas extension are related to a newer variant of STOP (DJVU) Ransomware. Please read the first page here for a summary of this ransomware, its variants and possible decryption solutions with instructions AND the ***IMPORTANT: @ ALL VICTIMS.... note at the top. "Before asking questions...PLEASE READ these Frequently Asked Questions (FAQs)." You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above topic if STOPDecrypter is unable to decrypt your files so the devel