Lolo3916

.kiratos encrypted files

Recommended Posts

Hello. Your files are encrypted with the new STOP Ransomware variant with extension .kiratos

This STOP Ransomware successfully, to our general pity, attacks users around the world already a 1,5 year...
Decrypting files in some cases is possible with the efforts of Demonslay335 (developer STOP Decrypter). 

You need to read important information on the link

Also attach a ransom note and a few encrypted doc, jpg, png files to your first or new post.

Share this post


Link to post
Share on other sites
6 hours ago, Lolo3916 said:

Please, do you have any tool for decrypting  of .kiratos encrypted files?

i got this result from ID Ransomware

ID Ransomware result

thanks.

Demonslay335 let me know that he had contacted you privately. He's the creator of STOPDecrypter, and he may be able to help figure out your private key for decrypting your files.

Share this post


Link to post
Share on other sites

Thanks everyone who helped me in my problem,but a special thanks to the hero

Demonslay335 the one who helped me to end that nightmare.

Thanks Demonslay335 i hope that I can help you some day.

Share this post


Link to post
Share on other sites
5 hours ago, Lolo3916 said:

Thanks everyone who helped me in my problem,but a special thanks to the hero

Demonslay335 the one who helped me to end that nightmare.

Thanks Demonslay335 i hope that I can help you some day.

why u don't share solution for other people have same problem ?

Share this post


Link to post
Share on other sites

As I told you before Demonslay335 contacted me and asked for my personal ID which found it in the _readme.txt created by ransomware and also asked for my MAC ADDRESS I sent him what he wants and after sometime he sent me back the decryption password I used it in his software called STOPDecrypter  that's all.

Share this post


Link to post
Share on other sites

@nneo

Keys are unique per victim, and only some are lucky for me to be able to recover a key in very rare cases.

Everything is explained in the first post and FAQ of the support topic: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/

If you were hit by extension .kiratos, I need this information ASAP. If any other extension, I just need it to archive.

  • Upvote 1

Share this post


Link to post
Share on other sites

First of all, sorry for the bad english (not a meme, I am a brazilian)

Second, can I have this solution too? I am inffected with this kiratos bullshit since friday and I have done everything that I could. Please! :'(

Share this post


Link to post
Share on other sites

[!] No keys were found for the following IDs:

[*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.jpg )
[*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.kiratos )
[*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.docx )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 30:5A:3A:E4:8F:DB
[*] MAC: 00:FF:BD:0A:E1:59
This info has also been logged to STOPDecrypter-log.txt
help plss

 

version 2.1.0.1

Share this post


Link to post
Share on other sites

Hallo everybody.

Yesterday my pc get infected and all documents have extension .kiratos.

I cleaned up pc but all documents remained encrypted.

STOPDdecryptor give message [!] No keys were found for the following IDs:
[*] ID: YpIr5LyLU95yLa9u0jPOZ4EMXujER01YIKUUgRZ8 (.kiratos )

 

Id from _readme.txt file

Your personal ID:
072Asdju732sdfAdhYpIr5LyLU95yLa9u0jPOZ4EMXujER01YIKUUgRZ8

my mac address  00-24-21-AF-96-90

Plese help me.

Share this post


Link to post
Share on other sites

I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Hi all,

 

Sucks that I found this forum after the time window has elapsed, from the ransom readme.txt my personal ID:

Your personal ID:
072Asdju732sdfAdhF9xnKUpJdp88oig3B1u7H8fRDpMD1t2O2eZDHyFt


I tried running the STOPdecrypter tool and here is the output I got:

[!] No keys were found for the following IDs:
[*] ID: F9xnKUpJdp88oig3B1u7H8fRDpMD1t2O2eZDHyFt (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 00:E0:4C:36:97:B9
[*] MAC: 64:5D:86:A3:ED:A6
[*] MAC: 66:5D:86:A3:ED:A5
[*] MAC: 00:09:0F:FE:00:01
[*] MAC: 64:5D:86:A3:ED:A5
[*] MAC: 64:5D:86:A3:ED:A9

 

I really hope @Demonslay335 will be able to help!

Share this post


Link to post
Share on other sites

Demonslay335

please help .kiratos destroy my life destroyed

Starting decryption...

[+] File: C:\Users\Administrator\Desktop\nw\8-Maths-NCERT-Solutions-Chapter-10-1.pdf.kiratos
[-] No key for ID: mSrVjfKJdjIEEs4CAUymx2GRhCGo1s7srz07mqnU (.kiratos )

Decrypted 0 files!
Skipped 1 files.

[!] No keys were found for the following IDs:
[*] ID: mSrVjfKJdjIEEs4CAUymx2GRhCGo1s7srz07mqnU (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: D0:27:88:19:15:7A
This info has also been logged to STOPDecrypter-log.txt
 

Share this post


Link to post
Share on other sites

@rahuldhruvxxx the creator of STOPDecrypter has archived your information.

@adityabatura please allow me to apologize for not replying earlier, however I have been told that your information was archived already.

If the creator of STOPDecrypter is able to figure out either of your decryption keys, then he will send you a message privately to let you know, and tell you how to proceed. Right now all you have to do it wait.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.