.kiratos encrypted files

[Lolo3916 0]

Please, do you have any tool for decrypting  of .kiratos encrypted files?

i got this result from ID Ransomware

ID Ransomware result

thanks.

[Amigo-A 32]

Hello. Your files are encrypted with the new STOP Ransomware variant with extension .kiratos

This STOP Ransomware successfully, to our general pity, attacks users around the world already a 1,5 year...
Decrypting files in some cases is possible with the efforts of Demonslay335 (developer STOP Decrypter). 

You need to read important information on the link. 

Also attach a ransom note and a few encrypted doc, jpg, png files to your first or new post.

[GT500 573]

6 hours ago, Lolo3916 said:

Please, do you have any tool for decrypting  of .kiratos encrypted files?

i got this result from ID Ransomware

ID Ransomware result

thanks.

Demonslay335 let me know that he had contacted you privately. He's the creator of STOPDecrypter, and he may be able to help figure out your private key for decrypting your files.

[Lolo3916 0]

Thanks everyone who helped me in my problem,but a special thanks to the hero

Demonslay335 the one who helped me to end that nightmare.

Thanks Demonslay335 i hope that I can help you some day.

[nneo 0]

5 hours ago, Lolo3916 said:

Thanks everyone who helped me in my problem,but a special thanks to the hero

Demonslay335 the one who helped me to end that nightmare.

Thanks Demonslay335 i hope that I can help you some day.

why u don't share solution for other people have same problem ?

[Lolo3916 0]

As I told you before Demonslay335 contacted me and asked for my personal ID which found it in the _readme.txt created by ransomware and also asked for my MAC ADDRESS I sent him what he wants and after sometime he sent me back the decryption password I used it in his software called STOPDecrypter  that's all.

[Demonslay335 11]

@nneo

Keys are unique per victim, and only some are lucky for me to be able to recover a key in very rare cases.

Everything is explained in the first post and FAQ of the support topic: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/

If you were hit by extension .kiratos, I need this information ASAP. If any other extension, I just need it to archive.

[guilhermepeace 0]

First of all, sorry for the bad english (not a meme, I am a brazilian)

Second, can I have this solution too? I am inffected with this kiratos bullshit since friday and I have done everything that I could. Please! :'(

[Amigo-A 32]

guilhermepeace

You need to stop the infection of the computer.

Use an antivirus product to treat PC. https://www.emsisoft.com/en/home/antimalware/#scan-and-clean

30 days free trial

Only after that you can collect files and try to decrypt them.

[bouguerra sam 0]

[!] No keys were found for the following IDs:

[*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.jpg )
[*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.kiratos )
[*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.docx )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 30:5A:3A:E4:8F:DB
[*] MAC: 00:FF:BD:0A:E1:59
This info has also been logged to STOPDecrypter-log.txt
help plss

 

version 2.1.0.1

[zoko 0]

Hallo everybody.

Yesterday my pc get infected and all documents have extension .kiratos.

I cleaned up pc but all documents remained encrypted.

STOPDdecryptor give message [!] No keys were found for the following IDs:
[*] ID: YpIr5LyLU95yLa9u0jPOZ4EMXujER01YIKUUgRZ8 (.kiratos )

 

Id from _readme.txt file

Your personal ID:
072Asdju732sdfAdhYpIr5LyLU95yLa9u0jPOZ4EMXujER01YIKUUgRZ8

my mac address  00-24-21-AF-96-90

Plese help me.

[GT500 573]

I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.

[adityabatura 0]

Hi all,

 

Sucks that I found this forum after the time window has elapsed, from the ransom readme.txt my personal ID:

Your personal ID:
072Asdju732sdfAdhF9xnKUpJdp88oig3B1u7H8fRDpMD1t2O2eZDHyFt

I tried running the STOPdecrypter tool and here is the output I got:

[!] No keys were found for the following IDs:
[*] ID: F9xnKUpJdp88oig3B1u7H8fRDpMD1t2O2eZDHyFt (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 00:E0:4C:36:97:B9
[*] MAC: 64:5D:86:A3:ED:A6
[*] MAC: 66:5D:86:A3:ED:A5
[*] MAC: 00:09:0F:FE:00:01
[*] MAC: 64:5D:86:A3:ED:A5
[*] MAC: 64:5D:86:A3:ED:A9

 

I really hope @Demonslay335 will be able to help!

[rahuldhruvxxx 0]

Demonslay335

please help .kiratos destroy my life destroyed

Starting decryption...

[+] File: C:\Users\Administrator\Desktop\nw\8-Maths-NCERT-Solutions-Chapter-10-1.pdf.kiratos
[-] No key for ID: mSrVjfKJdjIEEs4CAUymx2GRhCGo1s7srz07mqnU (.kiratos )

Decrypted 0 files!
Skipped 1 files.

[!] No keys were found for the following IDs:
[*] ID: mSrVjfKJdjIEEs4CAUymx2GRhCGo1s7srz07mqnU (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: D0:27:88:19:15:7A
This info has also been logged to STOPDecrypter-log.txt
 

[GT500 573]

@rahuldhruvxxx the creator of STOPDecrypter has archived your information.

@adityabatura please allow me to apologize for not replying earlier, however I have been told that your information was archived already.

If the creator of STOPDecrypter is able to figure out either of your decryption keys, then he will send you a message privately to let you know, and tell you how to proceed. Right now all you have to do it wait.

[Sami Suhail 0]

 No keys were found for the following IDs:
[*] ID: IYowMwYsTvdxAhn3KvnRAbCj7z2jETimRBUTgBpa (.lanset )

[GT500 573]

On 7/23/2019 at 6:01 PM, Sami Suhail said:

 No keys were found for the following IDs:
[*] ID: IYowMwYsTvdxAhn3KvnRAbCj7z2jETimRBUTgBpa (.lanset )

Did STOPDecrypter list any MAC addresses? Would it be possible to attach the log from STOPDecrypter to a reply?