  1. 11 minutes ago, Enoch said:

    It seems to be identified as an online key, so decryption is impossible :c I still used the decryption tool, so I will wait until I get an answer.

    Well, the ID you posted is the offline ID for this variant, and Emsisoft has recovered the offline/private key for .vawe.

    So, if you ran the decrypter on all of your files and none were decrypted (you got the 'decryption is impossible' message), all were encrypted by an online key, and the decrypter cannot help you.

  2. 2 minutes ago, Aditya Patil said:

    Ohh, thank you so much! Can you share the decryptor link for .covm offline keys? I mean, which version should I download?

    The link is:

    The latest version is You don't have to download a new decrypter every time - it very seldom changes. The information about the offline keys is stored in the Emsisoft server, not in the decrypter.

  3. 3 minutes ago, Aditya Patil said:

    Wait, what! Really? Ok, ok, I can't control my excitement! But I was checking the Decryptor update every hr! Ok letbit Can you please tell me about:

    I haven't connected my PC to the internet since that attack happened and all my files got modified!

    After that I did a deep scan with a premium antivirus, so will there be no danger if I connect my PC to the internet?


    There should be no danger. You have to be connected to the internet for the decrypter to do its job. It has to contact the Emsisoft server which has the offline keys in its database.

  4. 1 hour ago, allenpaul said:

    When I select the folder, tried to decrypt the file




    That's all that I am getting, but the file remains encrypted. I have attached a file with this reply.


    That kind of a response from the decrypter usually indicates that the file is not encrypted.  

    I cannot access the file - Emsisoft doesn't allow it.

    Upload it to sendspace or the equivalent and post the link here.

    By the way, what kind of a file is this COVM.covm? You are missing the extension for the file type - pdf, doc, txt, and so on.

    Why would you have a file named COVM.covm anyway?

  5. 18 minutes ago, allenpaul said:


    Thank you sir

    I tried it. Most of the files are decrypted but some files are not decrypted. I tried multiple times but no result. Can you please help?

    What does the decrypter say about those files?

    Does it say this:  No key for New Variant online ID: brzGonoHEO8LfAV4n6zPrFprfPw6cMCbE5fDNTWy (just an example, yours will be different).
    Notice: this ID appears to be an online ID, decryption is impossible

    If so, the files were encrypted by an online key and are not decryptable.

  6. 6 hours ago, allenpaul said:

    I connected to the net while running Emsisoft; now I am getting this message

    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/private key.

    Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries.

    Suggest you run the decrypter NOW.


  7. 2 hours ago, allenpaul said:

    Recently I have been attacked by the ransomware covm virus, and I have deleted the virus and tried to recover the files by using Emsisoft software, and it shows this: ''Error: The remote name could not be resolved: '' ''. Kindly help me with this problem as soon as possible.

    You must be connected to the internet when running the Emsisoft decrypter. It has to check with the Emsisoft server for recovered offline keys.

  8. On 5/13/2020 at 5:32 AM, MuziQ said:

    The message is:

    No key for New Variant offline ID: A9GoURN1YjdAQyaC6wsAFQH69tLYb2jZFkNvyct1
    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    This is the offline ID for the .btos STOP variant - offline/private key has not been recovered.

  9. 1 hour ago, Rivzer said:


    Months ago I got hit by the STOPRansomware and some files got a double extension on them. Besides STOPRansomware, I got hit too by the Gandcrab ransomware and my files got like this:


    I tried the pair method but it didn't work. Are there any options?



    You don't have just a double encryption - you have a triple encryption, blower.fwgyqk.blower. If all of your files have that extension, it's unlikely that you will recover them.

  10. On 4/2/2020 at 11:50 PM, ruptapash biswas said:

    Thanks for the reply.

    the complete extension is "IMG_3773.JPG.mado"

    The personal ID you posted may well be for the .mado variant. However, the other ID (from the 'error' message) is the offline ID for the .derp variant. You should be able to get some files decrypted IF they only have the .derp extension.

  11. 33 minutes ago, Sid123456789 said:

    when will you create the decryptor???????

    I need it really...it's important, it's been 22 days now

    pls do something fast...please!!!!

    Emsisoft doesn't "create the decrypter". Someone needs to pay the ransom, get the private key, decrypt his files, and donate the private key to Emsisoft, and they, in turn, add it to their server database. The decrypter checks with the server, and uses the key to decrypt files encrypted by an offline key.

    You didn't bother to tell us which variant your files are encrypted with. .jope? What's your personal ID?

  12. 4 hours ago, Furkan said:



    Sir, I know I have an offline ID. I also know it's a new virus. When can it be resolved? I want a specific date about this.

    Emsisoft may recover the offline key in days, weeks, months or never. There is no way of knowing. You aren't going to get a specific date.

  13. 1 hour ago, ASecretAnonymousPerson said:

    Is my key offline if my personal ID ends in t1? Also, the one in my SystemID PersonalID is also ending in t1, but is it right if there's only one there?

    If the only ID in your SystemID/PersonalID.txt file ends in 't1', your files were encrypted by the offline key, and will be recoverable WHEN/IF Emsisoft recovers that key.

    Suggest you run the Emsisoft decrypter on a test bed of encrypted files every week or so to check. Emsisoft does not announce key recoveries.
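
The triage rules repeated across these replies (an ID ending in 't1' is an offline ID; the decrypter reports each ID as online or offline) can be applied to saved decrypter output as in the following sketch. This is an added example, not Emsisoft's code or part of the original posts; the function names are hypothetical and the sample log is constructed from the two messages quoted in the thread.

```python
import re

# Message shape quoted in the thread: "No key for New Variant <kind> ID: <id>"
NO_KEY = re.compile(r"No key for New Variant (online|offline) ID:\s*(\S+)")

# Outlook per kind, as stated in the replies above.
OUTLOOK = {
    "offline": "decryptable when/if the offline key is recovered; re-test periodically",
    "online": "not decryptable by the decrypter",
}

def id_kind(personal_id):
    """Rule of thumb from the thread: an ID ending in 't1' is an offline ID."""
    return "offline" if personal_id.strip().endswith("t1") else "online"

def parse_id_file(text):
    """A PersonalID.txt may list several IDs, one per line; classify each one."""
    return {ln.strip(): id_kind(ln) for ln in text.splitlines() if ln.strip()}

def triage_log(log_text):
    """Collect every ID the decrypter reported and cross-check the suffix rule."""
    report = {}
    for reported, pid in NO_KEY.findall(log_text):
        report[pid] = {
            "reported": reported,               # what the decrypter said
            "suffix_rule": id_kind(pid),        # what the 't1' rule predicts
            "consistent": reported == id_kind(pid),
            "outlook": OUTLOOK[reported],
        }
    return report

# Constructed sample: the two messages quoted in the thread, with the IDs shown there.
SAMPLE_LOG = """\
No key for New Variant offline ID: A9GoURN1YjdAQyaC6wsAFQH69tLYb2jZFkNvyct1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future
No key for New Variant online ID: brzGonoHEO8LfAV4n6zPrFprfPw6cMCbE5fDNTWy
Notice: this ID appears to be an online ID, decryption is impossible
"""

if __name__ == "__main__":
    for pid, info in triage_log(SAMPLE_LOG).items():
        print(pid, info)
```
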