Jump to content


  • Posts

  • Joined

  • Days Won


Everything posted by cybermetric

  1. The link is: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu The latest version is You don't have to download a new decrypter every time - it very seldom changes. The information about the offline keys is stored in the Emsisoft server, not in the decrypter.
  2. There should be no danger. You have to be connected to the internet for the decrypter to do it's job. It has to contact the Emsisoft server which has the offline keys in its database.
  3. Run it now. The offline key for the .covm variant has been recovered by Emsisoft.
  4. @allenpaul: The file you uploaded to Sendspace is NOT encrypted. If I remove the .covm extension and replace it with .jpg, the file dsplays a picture about YIFY-Torrents.com.
  5. That kind of a response from the decrypter usually indicates that the file is not encrypted. I cannot access the file - Emsisoft doesn't allow it. Upload it to sendspace or the equivalent and post the link here. By the way, what kind of a file is this COVM.covm? You are missing the extension for the file type - pdf, doc, txt, and so on. Why would you have a file named COVM.covm anyway?
  6. What does the decrypter say about those files? Does it say this: No key for New Variant online ID: brzGonoHEO8LfAV4n6zPrFprfPw6cMCbE5fDNTWy (just an example, yours will be different).Notice: this ID appears to be an online ID, decryption is impossible If so, the files were encrypted by an online key and are not decryptable.
  7. That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/ private key. Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries. Suggest you run the decrypter NOW.
  8. You must be connected to the internet when running the Emsisoft decrypter. It has to check with the Emsisoft server for recovered offline keys.
  9. No. It applies to all of the 'new djvu' variants which first appeared in the middle of August 2019, almost all of which have 4 letter extensions. That would include the latest, .koti
  10. His files were encrypted by an offline key. The Emsisoft decrypter cannot recover files encrypted by .mado with an online key.
  11. This is the offline ID for the .btos STOP variant - offline/private key has not been recovered.
  12. You don't have just a double encryption - you have a triple encryption, blower.fwgyqk.blower. If all of your files have that extension, it's unlikely that you will recover them.
  13. This isn't a key. It's the identifier that STOP ransomware places at the end of files it has encrypted. It is useless for decryption.
  14. The personal ID you posted may well be for the .mado variant. However, the other ID (from the 'error' message) is the offline ID for the .derp variant. You should be able to get some files decrypted IF they only have the .derp extension.
  15. Emsisoft doesn't "create the decrypter". Someone needs to pay the ransom, get the private key, decrypt his files, and donate the private key to Emsisoft, and they, in turn, add it to their server database. The decrypter checks with the server, and uses the key to decrypt files encrypted by an offline key. You didn't bother to tell us which variant your files are encrypted with. .jope? What's your personal ID?
  16. That offline ID is not for the .mado variant - he must have (or had) a second STOP encryption (.derp??)
  17. The link should probably be deleted. My Sophos AV snuffed the file as soon as I opened the zip archive.
  18. This is unrelated to the .lalo STOP variant, and is an entirely different ransomware. What is the COMPLETE extension added to your files?
  19. There is no 'estimated time'. The offline key might be recovered in days,weeks, months, or never.
  20. Emsisoft may recover the offline key in days, weeks, months or never. There is no way of knowing. You aren't going to get a specific date.
  21. If the only ID in your SystemID/PersonaIID.txt file ends in 't1', your files were encrypted by the offline key, and will be recoverable WHEN/IF Emsisoft recovers that key. Suggest you run the Emsisoft decrypter on a test bed of encrypted files every week or so to check. Emsisoft does not announce key recoveries.
  22. The _readme.txt file isn't hidden. The ransomware drops it all over the place. The file to look for is the SystemID/PersonalID.txt file usually located on the C:drive It contains all of the ID's involved in the encryption. If one of the ID's listed therein ends in 't1', you should be able to recover SOME files WHEN/IF the offline/private key is recovered by Emsisoft. IF none do, ALL of your files were encrypted by an online key and cannot be recovered.
  23. @ruptapash biswas: This is an offline ID, but it is not related to the .mado variant. What is the complete extension of the file involved?
  24. Actually, Amigo-A, the ID is the offline ID for .mado.
  25. .foop (V0213) is the latest STOP variant, currently undecryptable. Wannacry is a totally different ransomware - so which do you have? both? What is the complete extension added to your encrypted files?
  • Create New...