rabie1001

effected by .verasto , .hrosas ransomware please help me. important files

Recommended Posts

 

*My topic was deleted due to database corruption*  here is a repost

 

i have downloaded  application that hacked my pc and effected all the files on it ,  the files are so important to me is there is any way to recover it please

i don't have a restore point though

 

STOPDecrypter-log.txt

No key for ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas )
No key for ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto )
Unidentified ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas )
Unidentified ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto )
MAC: 94:39:E5:5D:AD:8B
Decrypted 0 files, skipped 3

 

.verasto Simple

https://id-ransomware.malwarehunterteam.com/identify.php?case=6b87111c4a42bc470e0f5e753414a2c22f2e0114

 

.hrosas Simple

https://id-ransomware.malwarehunterteam.com/identify.php?case=0df8cef436ad4ac5de01cb7ea71f45dc42482fa0

 

 

_readme.txt File , Notes

ATTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-oEUEuysYiZ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Support Telegram account:
@datarestore

Your personal ID:
070bfydGdbfsew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs

Share this post


Link to post
Share on other sites

Hello. Yes, there was a malfunction and some messages could be lost. Fortunately, the forum was promptly restored.
Your files are encrypted with the new STOP Ransomware variants with extensions .verasto and .hrosas


This STOP Ransomware successfully, to our general pity, attacks users around the world already a 1,5 year...
Decrypting files in some cases is possible with the efforts of Demonslay335 (developer STOP Decrypter). 

You need to read important information on the link

  • Like 1

Share this post


Link to post
Share on other sites

You also can uploading a copy of every ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/ 
But the result will be the same link to the forum BleepingComputer, because requests of the victims are initially collected there.

Demonslay335  will also receive your information if you leave it here.

  • Like 1

Share this post


Link to post
Share on other sites
6 hours ago, rabie1001 said:

i have downloaded  application that hacked my pc and effected all the files on it ,  the files are so important to me is there is any way to recover it please

Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.

  • Like 1

Share this post


Link to post
Share on other sites
7 hours ago, rabie1001 said:

STOPDecrypter-log.txt

No key for ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas )
No key for ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto )
Unidentified ID: djDiPvX8ToOOfCxFpcDgiqBOPoynVE0KTLZAAJH2 (.hrosas )
Unidentified ID: ew6T2U0TjoPxUd7IDWtHv376ibb45SvHiOiHVrhs (.verasto )
MAC: 94:39:E5:5D:AD:8B
Decrypted 0 files, skipped 3

Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run.

To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link:
https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip

When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter).

  • Like 1

Share this post


Link to post
Share on other sites
10 hours ago, Amigo-A said:

You also can uploading a copy of every ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/ 
But the result will be the same link to the forum BleepingComputer, because requests of the victims are initially collected there.

Demonslay335  will also receive your information if you leave it here.

Ok Amigo-A roger that , thanks

4 hours ago, GT500 said:

Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.

I really hope so , thats gonna save my life , i will try to contact Demonslay335 too i hope he isn't busy

3 hours ago, GT500 said:

Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run.

 To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link:
https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip

When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter).

i have attached the file , please check it 

UPDATE : hey i have figured that i have downloaded the infected app from my mobile hotspot

my mobile WIFI MAC address is 64:A3:CB:56:1F:F7

would that help ?

 

MAC_Addresses.txt

Share this post


Link to post
Share on other sites

I think the window for figuring out they keys for .hrosas expired Friday night, and the window for .verasto expired a day or two before that. Assuming Demonslay335 replied to your private message, then I assume you sent him the MAC address you posted here as well? If so, then he'll archive it for future reference (by which I mean "in case he's able to figure the decryption key out at some point in the future").

  • Like 1

Share this post


Link to post
Share on other sites
3 hours ago, GT500 said:

I think the window for figuring out they keys for .hrosas expired Friday night, and the window for .verasto expired a day or two before that. Assuming Demonslay335 replied to your private message, then I assume you sent him the MAC address you posted here as well? If so, then he'll archive it for future reference (by which I mean "in case he's able to figure the decryption key out at some point in the future").

Thank you so much for your help  🌹

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.