BbooRekt

I'm still on the hunt to decrypt the following id (OFFLINE): uvEETK84RPC0Q5icp67CP746LJaCJuwq2tG9Kjt1

Nothing new about this one?

30 minutes ago, Srikanth said:

Hi ,

I got infected with the msop ransomeware,

Please help me identifying my ID is online or offline

0188yTllsdsYG478ZtHCimb1lsVLfDO1b9jwNwh1jN4LgzVXPo

 

thanks

It's an Online ID.

5 hours ago, zawphyo said:

help me

Seems that your ID is an online ID. Try running Emsisoft Djvu decrypter to see what ID gives you. If it's an online ID, it's impossible to decrypt

6 minutes ago, Nuno_Santos said:

Hello, my name is Nuno, I'm from Portugal and I reeeealy need you help, please!!!!!

My laptop has been infected with this .nppp virus and all of my files from work from the past 4 years have been encrypted.

I've managed to clean the virus infections from the laptop with Malwarebytes (100% sure it's clean) but, when I run your program, it says that it doesn't posess the offline key, so it MAY decrypt my files in the future.

My PersonalID is: yUigCPpx6KxQZCQZfT8NsgOwnGDHwiQkVLy9UTt1

Can you please help me somehow?

I'm getting desperate with all the locked files from work!

Thank you

The only thing that we (everyone infected with an offline ID) can do is wait. Your information is clear: You have been infected. The good news is that it's an Offline ID witch might me possible to decrypt some day in the future.

This depends on the team getting that ID decrypted. That day (if it comes) it will be uploaded to their servers so the only thing you will need to do is to run the software again.

It's recommended to run it once per week to see if your ID was decrypted. (Of course, I'm running it 2 times per day, xD)

Patience is the key. Be sure to save your encrypted files for now.

3 minutes ago, Demonslay335 said:

Some extensions they re-use the same offline ID and corresponding key. In this case, .bboo, .ooss, and .mool all have the same offline ID.

Nice, more chances to get it I guess. Just browsed your git, didn't get the idea about the stop_config.py file thought XD

13 hours ago, GT500 said:

We don't have the private key for this offline ID yet. Once we're able to find it, we'll add it to our database, and then it should be possible for you to recover your files. I recommend running the decrypter once every week or two so that you can see when we've added the private key.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

My Id is the same "No key for New Variant offline ID: uvEETK84RPC0Q5icp67CP746LJaCJuwq2tG9Kjt1"
But I was infected with .bboo

Didn't know that same ID was used for different extensions.

2 hours ago, GT500 said:

If I remember right, STOP/Djvu only encrypts a certain number of bytes of a file, so with larger files it may be possible to recover parts of them using software intended to repair those files (videos are a good example). It should be noted that this method isn't going to work for most files, and it will more than likely leave gaps of missing information/data at the beginning of the files.

Definitely this is the case. Just wanted to drop some info about it in case I can help someone. Thanks for clarifying.

I have managed to recover some old good videos that were encrypted. Of course this method is not about Decrypting them. Using a popular software to repair videos (Search in google) this method worked for 30% of my video files. I guess it just cut the corrupted frames and compile it without it and returns the video.

Hope this helps someone else.

Hi everyone. I have been doing a lot of research. The only thing we need to do is to wait for Emsisoft to upload the new decryption keys to their servers. There is nothing we can do. Uploading your Offline ID will not speed up the process.

Take note that there are multiple variants. They are doing the best they can.

Maybe we can make a crowdfunding for this heroes working on a decryption.

@João Luiz Sorry to tell you this, but if you have Online ID you are mostly rekt.

I have been infected with the newer version. The exact extension is the one named above (*.bboo).

Fortunately, my ID is a T1 (Offline encrypt) as I unplugged the internet connection when I realized what was happening.

I want to know how can I contribute in the research of a decryption tool. Is there any donation option? I prefer paying to white hat than cyber criminals.