rabie1001 0 Report post Posted April 26, 2019 *My topic was deleted due to database corruption* here is a repost i have downloaded application that hacked my pc and effected all the files on it , the files are so important to me is there is any way to recover it please i don't have a restore point though STOPDecrypter-log.txt No key for ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas ) No key for ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto ) Unidentified ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas ) Unidentified ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto ) MAC: 94:39:E5:5D:AD:8B Decrypted 0 files, skipped 3 .verasto Simple https://id-ransomware.malwarehunterteam.com/identify.php?case=6b87111c4a42bc470e0f5e753414a2c22f2e0114 .hrosas Simple https://id-ransomware.malwarehunterteam.com/identify.php?case=0df8cef436ad4ac5de01cb7ea71f45dc42482fa0 _readme.txt File , Notes ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool:https://we.tl/t-oEUEuysYiZ Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Support Telegram account: @datarestore Your personal ID: 070bfydGdbfsew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs Quote Share this post Link to post Share on other sites
rabie1001 0 Report post Posted April 26, 2019 IMG_20131222_025146.jpg.verasto IMG_20140130_083050.jpg.hrosas 1.vcf.verasto 2.vcf.hrosas _readme.txt Quote Share this post Link to post Share on other sites
Amigo-A 134 Report post Posted April 26, 2019 Hello. Yes, there was a malfunction and some messages could be lost. Fortunately, the forum was promptly restored. Your files are encrypted with the new STOP Ransomware variants with extensions .verasto and .hrosas This STOP Ransomware successfully, to our general pity, attacks users around the world already a 1,5 year... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer STOP Decrypter). You need to read important information on the link. 1 Quote Share this post Link to post Share on other sites
Amigo-A 134 Report post Posted April 26, 2019 You also can uploading a copy of every ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ But the result will be the same link to the forum BleepingComputer, because requests of the victims are initially collected there. Demonslay335 will also receive your information if you leave it here. 1 Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted April 26, 2019 6 hours ago, rabie1001 said: i have downloaded application that hacked my pc and effected all the files on it , the files are so important to me is there is any way to recover it please Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335. 1 Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted April 26, 2019 7 hours ago, rabie1001 said: STOPDecrypter-log.txt No key for ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas ) No key for ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto ) Unidentified ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas ) Unidentified ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto ) MAC: 94:39:E5:5D:AD:8B Decrypted 0 files, skipped 3 Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run. To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link:https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter). 1 Quote Share this post Link to post Share on other sites
rabie1001 0 Report post Posted April 27, 2019 10 hours ago, Amigo-A said: You also can uploading a copy of every ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ But the result will be the same link to the forum BleepingComputer, because requests of the victims are initially collected there. Demonslay335 will also receive your information if you leave it here. Ok Amigo-A roger that , thanks 4 hours ago, GT500 said: Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335. I really hope so , thats gonna save my life , i will try to contact Demonslay335 too i hope he isn't busy 3 hours ago, GT500 said: Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run. To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link:https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter). i have attached the file , please check it UPDATE : hey i have figured that i have downloaded the infected app from my mobile hotspot my mobile WIFI MAC address is 64:A3:CB:56:1F:F7 would that help ? MAC_Addresses.txt Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted April 28, 2019 I think the window for figuring out they keys for .hrosas expired Friday night, and the window for .verasto expired a day or two before that. Assuming Demonslay335 replied to your private message, then I assume you sent him the MAC address you posted here as well? If so, then he'll archive it for future reference (by which I mean "in case he's able to figure the decryption key out at some point in the future"). 1 Quote Share this post Link to post Share on other sites
rabie1001 0 Report post Posted April 29, 2019 3 hours ago, GT500 said: I think the window for figuring out they keys for .hrosas expired Friday night, and the window for .verasto expired a day or two before that. Assuming Demonslay335 replied to your private message, then I assume you sent him the MAC address you posted here as well? If so, then he'll archive it for future reference (by which I mean "in case he's able to figure the decryption key out at some point in the future"). Thank you so much for your help 🌹 Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted April 30, 2019 You're welcome. Quote Share this post Link to post Share on other sites
