Sign in to follow this  
@emmanuel

.KROPUN (ransomware)

Recommended Posts

Hello Sir/Madam,

I have been following your update on various decryption suite from your outfit, thanks for your works.

My DNS was hacked and most of my files have been encrypted with ".kropun extension" , i need your help

Please find below is the ransomware note left on my pc.

 

"

ATTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-T9WE5uiVT6
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
046Sdsd3273yifhsisySD6q4LOYtlL9O12RSMhaEcct01WEHPDXpIvHSOwwoBC

"

I have tried with StopDecrypter and below is the results i had"

"No keys were found for the following IDs:
[*] ID: q4LOYtlL9O12RSMhaEcct01WEHPDXpIvHSOwwoBC (.kropun )
[*] ID: q4LOYtlL9O12RSMhaEcct01WEHPDXpIvHSOwwoBC (.exe )
[*] ID: GXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI (.kropun )
[*] ID: q4LOYtlL9O12RSMhaEcct01WEHPDXpIvHSOwwoBC (.ICO )
[*] ID: q4LOYtlL9O12RSMhaEcct01WEHPDXpIvHSOwwoBC (.ico )

"

I shall be glad to hear from you.

Regards,

Emmamuel

Share this post


Link to post
Share on other sites

That appears to be one of the "Djvu" variants of the STOP ransomware. Unfortunately, the ID doesn't look like an offline ID, which means the odds of recovering files won't be as good. Regardless, I still recommend trying STOPDecrypter:
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip

If it can't find a key for your ID, then it won't be able to decrypt your files, and it will give you your computer's ID and MAC which you can copy and paste into a reply here (or a private message to me if you prefer) and I can forward them to Michael Gillespie (the maker of STOPDecrypter) so that he can archive them in case he manages to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Thanks for your swift response. 

I have already sent Michael Gillespie the ID and MAC for achieving. 

 

Thanks! 

Share this post


Link to post
Share on other sites

OK. If Michael ends up figuring out your decryption key, then I'm sure he'll let you know. ;)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.