• Content Count

  • Joined

  • Days Won


Everything posted by cybermetric

  1. Recently. Run the Emsisoft decrypter on your files.
  2. What is the id? If your files were encrypted by an offline key, the Emsisoft decrypter will recover your files, WHEN/IF Emsisoft is able to recover the offline/private key. Suggest you run the decrypter on a test bed of encrypted files every week or so.
  3. The OP is probably using an earlier version of the Emsisoft decrypter - he needs to be on V That problem was corrected in an update.
  4. The offline ID for .msop is d8TwbCMGuw5Ei5PlymKj0pldFtsUYeGxci3YGlbt1 - .msop It is NOT the same as yours.
  5. Well, the ID you posted is the offline ID for this variant, and Emsisoft has recovered the offline/private key for .vawe. So, if you ran the decrypter on all of your files and none were decrypted, (you got the 'decryption is impossible' message), all were encrypted by an online key, and the decrypter cannot help you.
  6. You should run the Emsisoft decrypter now.
  7. The link is: The latest version is You don't have to download a new decrypter every time - it very seldom changes. The information about the offline keys is stored in the Emsisoft server, not in the decrypter.
  8. There should be no danger. You have to be connected to the internet for the decrypter to do it's job. It has to contact the Emsisoft server which has the offline keys in its database.
  9. Run it now. The offline key for the .covm variant has been recovered by Emsisoft.
  10. @allenpaul: The file you uploaded to Sendspace is NOT encrypted. If I remove the .covm extension and replace it with .jpg, the file dsplays a picture about
  11. That kind of a response from the decrypter usually indicates that the file is not encrypted. I cannot access the file - Emsisoft doesn't allow it. Upload it to sendspace or the equivalent and post the link here. By the way, what kind of a file is this COVM.covm? You are missing the extension for the file type - pdf, doc, txt, and so on. Why would you have a file named COVM.covm anyway?
  12. What does the decrypter say about those files? Does it say this: No key for New Variant online ID: brzGonoHEO8LfAV4n6zPrFprfPw6cMCbE5fDNTWy (just an example, yours will be different).Notice: this ID appears to be an online ID, decryption is impossible If so, the files were encrypted by an online key and are not decryptable.
  13. That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/ private key. Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries. Suggest you run the decrypter NOW.
  14. You must be connected to the internet when running the Emsisoft decrypter. It has to check with the Emsisoft server for recovered offline keys.
  15. No. It applies to all of the 'new djvu' variants which first appeared in the middle of August 2019, almost all of which have 4 letter extensions. That would include the latest, .koti
  16. His files were encrypted by an offline key. The Emsisoft decrypter cannot recover files encrypted by .mado with an online key.
  17. This is the offline ID for the .btos STOP variant - offline/private key has not been recovered.
  18. You don't have just a double encryption - you have a triple encryption, blower.fwgyqk.blower. If all of your files have that extension, it's unlikely that you will recover them.
  19. This isn't a key. It's the identifier that STOP ransomware places at the end of files it has encrypted. It is useless for decryption.
  20. The personal ID you posted may well be for the .mado variant. However, the other ID (from the 'error' message) is the offline ID for the .derp variant. You should be able to get some files decrypted IF they only have the .derp extension.
  21. Emsisoft doesn't "create the decrypter". Someone needs to pay the ransom, get the private key, decrypt his files, and donate the private key to Emsisoft, and they, in turn, add it to their server database. The decrypter checks with the server, and uses the key to decrypt files encrypted by an offline key. You didn't bother to tell us which variant your files are encrypted with. .jope? What's your personal ID?
  22. That offline ID is not for the .mado variant - he must have (or had) a second STOP encryption (.derp??)
  23. The link should probably be deleted. My Sophos AV snuffed the file as soon as I opened the zip archive.
  24. This is unrelated to the .lalo STOP variant, and is an entirely different ransomware. What is the COMPLETE extension added to your files?