Amigo-A

Visiting Expert
  • Content Count

    1001
  • Days Won

    17

Amigo-A last won the day on November 26

Amigo-A had the most liked content!

Community Reputation

44 Excellent

3 Followers

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL
    https://id-ransomware.blogspot.com/

Profile Information

  • Gender
    Male
  • Location
    3rd station from Sun
  • Interests
    Collection, cataloguing and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without off-time days and holidays. Write to me in Russian if you know that language.

Recent Profile Visitors

2555 profile views
  1. Hello @benz Your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. This is only necessary so that the user is not mistaken with the same files of decryptor.
  3. @MohammedEid Files that were encrypted by 'STOP Ransomware' can only be decrypted if they were encrypted without contact with the ransomware server (offline). One condition for decryption is the presence of a decryption key. If there is no such key, then decryption is not possible, even if an offline key was used. You can find out the details in a special topic. Some files can only be partially encrypted. For example, files that are inside an archive can be extracted. In this case, only 1-2 files at the beginning of the alphabet list will be encrypted or damaged. There are reports from the victims that some music files and video files are being played, but I did not specify or remember what formats these are. This is a big burden for me, considering that I work with thousands of ransomware and a very large number of affected users around the world. See the 1st link in the signature.
  4. @MohammedEid Have you tried removing the .right extension to try to open and view the file in your program? If you haven’t tried, make a copy and try to open this copy in this way.
  5. @Muhammed Yes, the amount that extortionists require is large, not only for students. Files that were encrypted by 'STOP Ransomware' can only be decrypted if they were encrypted without contact with the ransomware server (offline). One condition for decryption is the presence of a decryption key. If there is no such key, then decryption is not possible, even if an offline key was used. You can find out the details in a special topic. Under this condition, your ID looks like an "online ID". This is the newest variant of 'STOP Ransomware' and decryption keys have not yet been found for it. But... Extortionists can change the conditions at any time. Now you need to save the encrypted files and ransomware notes. Collect them in a safe place without sorting. Let them be in their places. Sometimes different encryption keys can be used to encrypt files. https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu You will need to download and run the decoder after each new version of the Emsisoft decryptor. Perhaps something will change for the better. There is no other way to return your files if you do not pay the ransom. Some files can only be partially encrypted. For example, files that are inside an archive can be extracted. In this case, only 1-2 files at the beginning of the alphabet list will be encrypted or damaged. There are reports from the victims that some music files and video files are being played, but I did not specify or remember what formats these are. This is a big burden for me, considering that I work with thousands of ransomware and a very large number of affected users around the world. See the 1st link in the signature.
  6. Some files can only be partially encrypted. For example, files that are inside an archive can be extracted. In this case, only 1-2 files at the beginning of the alphabet list will be encrypted or damaged. There are reports from the victims that some music files and video files are being played, but I did not specify or remember what formats these are. This is a big burden for me, considering that I work with thousands of ransomware and a very large number of affected users around the world. See the 1st link in the signature.
  7. Under this condition, your ID looks like an "online ID". This is the newest variant of 'STOP Ransomware' and decryption keys have not yet been found for it. But... Extortionists can change the conditions at any time. Now you need to save the encrypted files and ransomware notes. Collect them in a safe place without sorting. Let them be in their places. Sometimes different encryption keys can be used to encrypt files. https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu You will need to download and run the decoder after each new version of the Emsisoft decryptor. Perhaps something will change for the better. There is no other way to return your files if you do not pay the ransom.
  8. Hello @Zoran Files that were encrypted by 'STOP Ransomware' can only be decrypted if they were encrypted without contact with the ransomware server (offline). One condition for decryption is the presence of a decryption key. If there is no such key, then decryption is not possible, even if an offline key was used. You can find out the details in a special topic.
  9. It is important to always use the latest version of anti-virus protection of Internet Security class or higher. Very often, users find a re-patched version somewhere, where hackers made changes that would be critical at the time of the attack. Unfortunately, this is very common when users do not want or cannot buy an antivirus product on the official website.
  10. You need to try downloading the new version of the Emsisoft decryptor. But first, delete the previous one.
  11. The ID has a t1 so why won't the encryptor work? List of variants of STOP Ransomware, for which offline keys were received (to date): 0156: .gero 0157: .hese 0159: .seto 0160: .peta 0161: .moka 162: .meds 0163: .kvag 0164: .domn 0165: .karl 0166: .nesa 0168: .noos 0169: .kuub 0170: .reco 0171: .bora 0173: .nols 0174: .werd 0175: .coot 0176: .derp 0178: .meka 0179: .toec 0180: .mosk 0181: .lokf 0182: .peet 0183: .grod 0184: .mbed 0185: .kodg 0186: .zobm 0188: .msop 0189: .hets
  12. In May of this year there was already a case with the same Rapid variant. --- You can create a decryption request in DrWeb and provide Rapid-encrypted files and a ransom note file How Recovery Files.txt. http://legal.drweb.com/encoder/?lng=en http://legal.drweb.ru/encoder/?lng=ru For a test-decryption request, you do not need to make an advance payment. It's free. But in practice there is no hope of decrypting files after double encryption and after Phobos in particular.
  13. First, your files were encrypted by Phobos Ransomware and received the extension .id[48DD8B75-2415].[[email protected]].Caley Then your files were encrypted by Rapid Ransomware and got the extension .no_more_ransom
  14. Creating a decryption request in DrWeb and providing encrypted files and a ransom note file is easy for everyone to do. http://legal.drweb.com/encoder/?lng=en http://legal.drweb.ru/encoder/?lng=ru For a test-decryption request, you do not need to make an advance payment. It's free. I am very busy with work, therefore I will not do it in your place. 😃