Amigo-A

Visiting Expert
  • Posts: 2466
  • Days Won: 63

Everything posted by Amigo-A

  1. Hello @Anirban. There are 't1' characters at the end of the identifier; this usually means that the 'offline ID' is being used and the files can be decrypted in the future when the decryption key for this variant is loaded into the 'Emsisoft Decryptor'. This event depends on the voluntary transfer of the key by someone who bought the key from the extortionists. This may happen or may never happen. The appearance of a new key is not reported anywhere. The work is done every day. It is recommended to save the encrypted files on an external drive, download the 'Emsisoft Decryptor' once a week and check the decryption capability.
  2. @Alexei Asfaduroff Only after neutralizing all malicious files can you do the following. This is not decryption; it is the recovery of certain types of files using their features. 1) If you have encrypted ZIP / RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it most likely cannot be recovered. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. Link to the site: https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying it, it is recommended that you make a copy of the encrypted files. Some things will be restored better, some worse. Some types of files can be restored using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then you can try to open the file from its native program. If you open audio and video files in an editor, it will restore the structure, and upon closing it will offer to save the changes. 3) If you have PDF files or files of other e-books, they may have been only partially damaged if they were not previously protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%). If the PDF documents were protected, then after encryption they turned into mush. Unfortunately, it is not yet possible to recover files created in MS Office because of their sensitivity to any damage. They are easily damaged even without encryption. Text written on paper or on stone is easier to recover and read than text created in MS Office. An alternative method for other files has not yet been found. I understand that this is not much, but it is better to recover some files than to lose everything ...
  3. @Alexei Asfaduroff Hello, Alexei. Judging by your personal details, you know Russian, so it will be better to answer you personally. English version. If the decryptor told you that the files cannot be decrypted, then that is the case. You have an online ID; the encryption key was created online and used for encryption. A human lifetime would not be enough to brute-force it. But in the future, in theory, the extortionists may publish keys for all of their victims. This does not happen often, but this year we have seen such cases several times. Therefore, the encrypted files should not be deleted. Save them on an external drive for the future, at least for a couple of years, and put it on the shelf. After this attack, other malicious elements could have remained on the PC. This could be an info-stealer, a miner, a backdoor or something else. Therefore, you need to urgently scan the PC and destroy the malware. For example, with the comprehensive antivirus Emsisoft Anti-Malware. You can get a free full-featured 30-day version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
  4. This is not a bug. This is the program's response. I suggested that the developer change this phrase, but he doesn't have time to make drastic changes to the code. Copy the entire decryptor response and paste it into the message.
  5. Hello @koykasbls, This is a "random" extension. Some ransomware programs add it to make it difficult to identify the ransomware. You need to add several encrypted files of different types (text, picture) to an archive and attach it to the message. If the size exceeds 10 MB, then use any file-sharing site, upload the archive, and give us the download link. I recommend this site; it is secure and you can simply drag and drop files into the window without adding any of your personal information.
  6. Your case is analogous. It is also impossible to decrypt files. If there were "t1" characters at the end of the ID, there would be a chance to decrypt the files after receiving the decryption key from a generous volunteer who paid the ransom. --- Please read my recommendations above. You can try to return only some types of files. There is no other way yet. If someone on some site claims that he can decrypt the files, then he is lying or colluding with the extortionists, receiving a share of the ransom, or sharing with them himself.
  7. Only after neutralizing all malicious files ... This is not decryption; it is the recovery of certain types of files using the features of these files. 1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Some things will be restored better, some worse. Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then you can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file. 3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%). Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than text created in MS Office. An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything...
  8. What to do? Is everything lost? No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times. Why did this happen? This 'STOP Ransomware' enters the PC because the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware. Use a comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free. !!! You need to neutralize all malicious files in the system. This should be done as quickly as possible.
  9. We usually recommend reading this article first. If you download an Emsisoft Decryptor, it will tell you if your files can be decrypted.
  10. Hello. In this section of the forum, you need to provide a ransom note (and different ones, if any) and several encrypted files in a zip archive. This way we can try to identify the ransomware that encrypted the files. All available variants are collected here. To date, the 'STOP Ransomware' variant that adds the .stax extension to the encrypted file is one of the new ones.
  11. Hello. Description: LokiLocker Ransomware. It has not yet been added to the 'ID-Ransomware' service and is not identified.
  12. Hello. First, you need to read the manual on the subject. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. Hello. First, you need to read the manual on the subject. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. What to do? Is everything lost? No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times. Why did this happen? This 'STOP Ransomware' enters the PC because the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware. Use a comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free. !!! You need to neutralize all malicious files in the system. This should be done as quickly as possible.
  15. Hello @Manoj1986. Yes. There are 't1' characters at the end of the identifier; this usually means that the 'offline ID' is being used and the files can be decrypted in the future when the decryption key for this variant is loaded into the 'Emsisoft Decryptor'. This event depends on the voluntary transfer of the key by someone who bought the key from the extortionists. This may happen or may never happen. The appearance of a new key is not reported anywhere. The work is done every day. It is recommended to save the encrypted files on an external drive, download the 'Emsisoft Decryptor' once a week and check the decryption capability.
  16. What to do? Is everything lost? No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times. Why did this happen? This 'STOP Ransomware' enters the PC because the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware. Use a comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free. !!! You need to neutralize all malicious files in the system. This should be done as quickly as possible.
  17. Hello @D ghosh. There are 't1' characters at the end of the identifier; this usually means that the 'offline ID' is being used and the files can be decrypted in the future when the decryption key for this variant is loaded into the 'Emsisoft Decryptor'. This event depends on the voluntary transfer of the key by someone who bought the key from the extortionists. This may happen or may never happen. The appearance of a new key is not reported anywhere. The work is done every day. It is recommended to save the encrypted files on an external drive, download the 'Emsisoft Decryptor' once a week and check the decryption capability.
  18. What to do? Is everything lost? No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times. Why did this happen? This 'STOP Ransomware' enters the PC because the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware. Use a comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free. !!! You need to neutralize all malicious files in the system. This should be done as quickly as possible.
  19. Hello @Harshpatel. There are 't1' characters at the end of the identifier; this usually means that the 'offline ID' is being used and the files can be decrypted in the future when the decryption key for this variant is loaded into the 'Emsisoft Decryptor'. This event depends on the voluntary transfer of the key by someone who bought the key from the extortionists. This may happen or may never happen. The appearance of a new key is not reported anywhere. The work is done every day. It is recommended to save the encrypted files on an external drive, download the 'Emsisoft Decryptor' once a week and check the decryption capability.
  20. Only after neutralizing all malicious files ... This is not decryption; it is the recovery of certain types of files using the features of these files. 1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Some things will be restored better, some worse. Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then you can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file. 3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%). Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than text created in MS Office. An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything...
  21. Hello @xXsmilesXx. You need to use a translator https://translate.google.com/ What to do? Is everything lost? No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times. Why did this happen? This 'STOP Ransomware' enters the PC because the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware. Use a comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free. !!! You need to neutralize all malicious files in the system. This should be done as quickly as possible.
  22. Hello @sassykman. In short, you need to download the Emsisoft Decoder and run it. It will check the decryption capability and tell you the result. If you have any questions, please let us know and I will offer you an alternative way to get your files back without decryption. You can also read about this method at the following link in my post.
  23. Only after neutralizing all malicious files ... This is not decryption; it is the recovery of certain types of files using the features of these files. 1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Some things will be restored better, some worse. Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then you can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file. 3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%). Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than text created in MS Office. An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything...
  24. General recommendation for Jackorta1, jejegaol. What to do? Is everything lost? No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times. Why did this happen? This 'STOP Ransomware' enters the PC because the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware. Use a comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ It will help you clean your PC from other malware for free. !!! You need to neutralize all malicious files in the system. This should be done as quickly as possible.
  25. Hello, @jejegaol. There are 't1' characters at the end of the identifier; this usually means that the 'offline ID' is being used and the files can be decrypted in the future when the decryption key for this variant is loaded into the 'Emsisoft Decryptor'. This event depends on the voluntary transfer of the key by someone who bought the key from the extortionists. This may happen or may never happen. The appearance of a new key is not reported anywhere. The work is done every day. It is recommended to save the encrypted files on an external drive, download the 'Emsisoft Decryptor' once a week and check the decryption capability.
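
The ZIP step from the recovery posts above (work on a copy, remove the added extension, extract whatever still opens), as an added example that is not part of Amigo-A's posts or any Emsisoft tool. The sample archive is constructed, and the way it is damaged (a zeroed prefix covering the first member and the second member's header) is an assumption made for the demo; `.stax` is used only because it is the extension named in post 10.

```python
import shutil
import tempfile
import zipfile
import zlib
from pathlib import Path

ADDED_EXT = ".stax"  # sample value taken from post 10; change it for the case at hand


def build_damaged_sample(path: Path) -> None:
    """Write a constructed 4-member ZIP and overwrite its leading bytes.

    Assumption for the demo: the damage is a zeroed prefix that covers the
    first member and the local header of the second.
    """
    with zipfile.ZipFile(path, "w", zipfile.ZIP_STORED) as zf:
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            zf.writestr(name, (name + "\n").encode() * 50)
    with zipfile.ZipFile(path) as zf:
        damage_len = zf.infolist()[1].header_offset + 4
    raw = bytearray(path.read_bytes())
    raw[:damage_len] = bytes(damage_len)
    path.write_bytes(raw)


def copy_without_added_ext(encrypted: Path, work_dir: Path) -> Path:
    """Copy the file into work_dir under its original name; the source stays untouched."""
    if encrypted.suffix.lower() != ADDED_EXT:
        raise ValueError(f"{encrypted.name} does not end with {ADDED_EXT}")
    target = work_dir / encrypted.stem  # "photos.zip.stax" -> "photos.zip"
    shutil.copy2(encrypted, target)
    return target


def salvage_zip(archive: Path):
    """Read each member on its own so one damaged entry does not stop the rest."""
    recovered, damaged = {}, []
    # The member index (central directory) is read from the end of the file.
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            try:
                recovered[info.filename] = zf.read(info)  # CRC-32 is verified here
            except (zipfile.BadZipFile, zlib.error, EOFError) as exc:
                damaged.append((info.filename, str(exc)))
    return recovered, damaged


def demo():
    """Run the whole procedure on the constructed sample and return the member names."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        encrypted = tmp / "photos.zip.stax"
        build_damaged_sample(encrypted)
        work = tmp / "work"
        work.mkdir()
        recovered, damaged = salvage_zip(copy_without_added_ext(encrypted, work))
        return sorted(recovered), [name for name, _ in damaged]


if __name__ == "__main__":
    ok, bad = demo()
    print("recovered:", ok)
    print("damaged:  ", bad)
```

`salvage_zip` returns the member contents in memory rather than writing them out, so the caller chooses the output location and file names instead of trusting paths stored in a damaged archive.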