Jump to content


  • Posts

  • Joined

  • Days Won


Everything posted by cybermetric

  1. This is the type of response that the decrypter gives when it doesn't find any encrypted files. All I can suggest is to copy perhaps 5 of the files that were not decrypted into a test folder, and run the decrypter on just that folder (as you did on another folder above). If you still get the same result, one of the experts here will have to work on this. What happens if you remove the iqll extension from one of these files? Is it accessible? (Just a thought). in some cases the ransomware burps and just adds the extension without encrypting the file.
  2. You have an offline ID. WHEN/IF Emsisoft is donated the offline/private key by a victim of this variant who has paid the ransom, you will be able to decrypt your files. In the meantime, secure the encrypted files on an external HD for safe-keeping. Run the Emsisoft decrypter on a testbed of encrypted files every week or so to check. Emsisoft doesn't announce donated keys.
  3. The decrypter would have given you a reason. What did it report on the files it wouldn't decrypt?
  4. Run the Emsisoft decrypter NOW. It appears that Emsisoft has received the offline/private key for the .igll STOP variant.
  5. The extension is .ogdo, not odgo. The offline key has never been received by Emsisoft. Your files remain undecryptable until that happens.
  6. There is no solution for files encrypted by an online key of any of the "New Version" STOP variants (which include the .sspg variant).
  7. It is not resolvable. An online ID indicates files were encrypted by an online key, and cannot be decrypted.
  8. One could manually remove the extension quite easily. Also, using some other decrypter may have removed the extensions. I don't know how the Emsisoft decrypter would respond if the extensions have been removed. I'm sure Amigo-A (one of the resident experts) will be along with additional help. The error you got is because you weren't online when you ran the decrypter. The decrypter needs to connect with the Emsisoft server.
  9. It also looks like @daemon3642 has removed the .drume extension from the encrypted files, which he/she should not have done.
  10. The offline key for the .vari STOP variant has never been donated to Emsisoft by a victim who paid the ransom and got the key. If Emsisoft had received it, they would have added it to their server, and the Emsisoft decrypter would have decrypted your files. That has never happened. This, of course, assumes that your files were encrypted by an offline key. If you've run the Emsisoft decrypter and it indicates 'decryption is impossible', your files were encrypted by an online key, and are not decryptable.
  11. It's .ehiz, not .ehis. This is the latest (so far) variant of the STOP ransomware. If you run the Emsisoft decrypter on your files and it indicates "decryption is impossible", your files were encrypted by an online key, and you can only recover them by dealing with the criminals. The Emsisoft decrypter cannot help you.
  12. @YaYA: Why don't you be a hero and donate the private key to Emsisoft so they can add it to their system and others that had files encrypted by an offline key can recover their files?
  13. The error can also mean the poster's computer wasn't connected to the internet when he ran the decrypter.
  14. I don't think that the poster has 2 ID's. it looks like he truncated the ID from the PersonalID. txt file.
  15. What extension was added to your encrypted files?
  16. Did you run the Emsisoft decrypter? It would have told you.
  17. What is the extension added to your encrypted files?
  18. Recently. Run the Emsisoft decrypter on your files.
  19. What is the id? If your files were encrypted by an offline key, the Emsisoft decrypter will recover your files, WHEN/IF Emsisoft is able to recover the offline/private key. Suggest you run the decrypter on a test bed of encrypted files every week or so.
  20. The OP is probably using an earlier version of the Emsisoft decrypter - he needs to be on V That problem was corrected in an update.
  21. The offline ID for .msop is d8TwbCMGuw5Ei5PlymKj0pldFtsUYeGxci3YGlbt1 - .msop It is NOT the same as yours.
  22. Well, the ID you posted is the offline ID for this variant, and Emsisoft has recovered the offline/private key for .vawe. So, if you ran the decrypter on all of your files and none were decrypted, (you got the 'decryption is impossible' message), all were encrypted by an online key, and the decrypter cannot help you.
  • Create New...