Lolo3916 0 Report post Posted April 26, 2019 Please, do you have any tool for decrypting of .kiratos encrypted files? i got this result from ID Ransomware ID Ransomware result thanks. Quote Share this post Link to post Share on other sites
Amigo-A 63 Report post Posted April 26, 2019 Hello. Your files are encrypted with the new STOP Ransomware variant with extension .kiratos This STOP Ransomware successfully, to our general pity, attacks users around the world already a 1,5 year... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer STOP Decrypter). You need to read important information on the link. Also attach a ransom note and a few encrypted doc, jpg, png files to your first or new post. Quote Share this post Link to post Share on other sites
GT500 654 Report post Posted April 26, 2019 6 hours ago, Lolo3916 said: Please, do you have any tool for decrypting of .kiratos encrypted files? i got this result from ID Ransomware ID Ransomware result thanks. Demonslay335 let me know that he had contacted you privately. He's the creator of STOPDecrypter, and he may be able to help figure out your private key for decrypting your files. Quote Share this post Link to post Share on other sites
Lolo3916 0 Report post Posted April 27, 2019 Thanks everyone who helped me in my problem,but a special thanks to the hero Demonslay335 the one who helped me to end that nightmare. Thanks Demonslay335 i hope that I can help you some day. Quote Share this post Link to post Share on other sites
nneo 0 Report post Posted April 28, 2019 5 hours ago, Lolo3916 said: Thanks everyone who helped me in my problem,but a special thanks to the hero Demonslay335 the one who helped me to end that nightmare. Thanks Demonslay335 i hope that I can help you some day. why u don't share solution for other people have same problem ? Quote Share this post Link to post Share on other sites
Lolo3916 0 Report post Posted April 28, 2019 As I told you before Demonslay335 contacted me and asked for my personal ID which found it in the _readme.txt created by ransomware and also asked for my MAC ADDRESS I sent him what he wants and after sometime he sent me back the decryption password I used it in his software called STOPDecrypter that's all. Quote Share this post Link to post Share on other sites
Demonslay335 24 Report post Posted April 28, 2019 @nneo Keys are unique per victim, and only some are lucky for me to be able to recover a key in very rare cases. Everything is explained in the first post and FAQ of the support topic: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/ If you were hit by extension .kiratos, I need this information ASAP. If any other extension, I just need it to archive. 1 Quote Share this post Link to post Share on other sites
guilhermepeace 0 Report post Posted April 29, 2019 First of all, sorry for the bad english (not a meme, I am a brazilian) Second, can I have this solution too? I am inffected with this kiratos bullshit since friday and I have done everything that I could. Please! :'( Quote Share this post Link to post Share on other sites
Amigo-A 63 Report post Posted April 29, 2019 guilhermepeace You need to stop the infection of the computer. Use an antivirus product to treat PC. https://www.emsisoft.com/en/home/antimalware/#scan-and-clean 30 days free trial Only after that you can collect files and try to decrypt them. Quote Share this post Link to post Share on other sites
bouguerra sam 0 Report post Posted April 29, 2019 [!] No keys were found for the following IDs: [*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.jpg ) [*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.kiratos ) [*] ID: PyTPBNfLzu993mnX7vksc149hwPLlKqTcEkK5CHx (.docx ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MAC: 30:5A:3A:E4:8F:DB [*] MAC: 00:FF:BD:0A:E1:59 This info has also been logged to STOPDecrypter-log.txt help plss version 2.1.0.1 Quote Share this post Link to post Share on other sites
zoko 0 Report post Posted April 29, 2019 Hallo everybody. Yesterday my pc get infected and all documents have extension .kiratos. I cleaned up pc but all documents remained encrypted. STOPDdecryptor give message [!] No keys were found for the following IDs: [*] ID: YpIr5LyLU95yLa9u0jPOZ4EMXujER01YIKUUgRZ8 (.kiratos ) Id from _readme.txt file Your personal ID: 072Asdju732sdfAdhYpIr5LyLU95yLa9u0jPOZ4EMXujER01YIKUUgRZ8 my mac address 00-24-21-AF-96-90 Plese help me. Quote Share this post Link to post Share on other sites
GT500 654 Report post Posted April 30, 2019 I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future. Quote Share this post Link to post Share on other sites
adityabatura 0 Report post Posted April 30, 2019 Hi all, Sucks that I found this forum after the time window has elapsed, from the ransom readme.txt my personal ID: Your personal ID: 072Asdju732sdfAdhF9xnKUpJdp88oig3B1u7H8fRDpMD1t2O2eZDHyFt I tried running the STOPdecrypter tool and here is the output I got: [!] No keys were found for the following IDs: [*] ID: F9xnKUpJdp88oig3B1u7H8fRDpMD1t2O2eZDHyFt (.kiratos ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MAC: 00:E0:4C:36:97:B9 [*] MAC: 64:5D:86:A3:ED:A6 [*] MAC: 66:5D:86:A3:ED:A5 [*] MAC: 00:09:0F:FE:00:01 [*] MAC: 64:5D:86:A3:ED:A5 [*] MAC: 64:5D:86:A3:ED:A9 I really hope @Demonslay335 will be able to help! Quote Share this post Link to post Share on other sites
rahuldhruvxxx 0 Report post Posted July 19, 2019 Demonslay335 please help .kiratos destroy my life destroyed Starting decryption... [+] File: C:\Users\Administrator\Desktop\nw\8-Maths-NCERT-Solutions-Chapter-10-1.pdf.kiratos [-] No key for ID: mSrVjfKJdjIEEs4CAUymx2GRhCGo1s7srz07mqnU (.kiratos ) Decrypted 0 files! Skipped 1 files. [!] No keys were found for the following IDs: [*] ID: mSrVjfKJdjIEEs4CAUymx2GRhCGo1s7srz07mqnU (.kiratos ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: D0:27:88:19:15:7A This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 654 Report post Posted July 19, 2019 @rahuldhruvxxx the creator of STOPDecrypter has archived your information. @adityabatura please allow me to apologize for not replying earlier, however I have been told that your information was archived already. If the creator of STOPDecrypter is able to figure out either of your decryption keys, then he will send you a message privately to let you know, and tell you how to proceed. Right now all you have to do it wait. Quote Share this post Link to post Share on other sites
Sami Suhail 0 Report post Posted July 23, 2019 No keys were found for the following IDs: [*] ID: IYowMwYsTvdxAhn3KvnRAbCj7z2jETimRBUTgBpa (.lanset ) Quote Share this post Link to post Share on other sites
GT500 654 Report post Posted July 24, 2019 On 7/23/2019 at 6:01 PM, Sami Suhail said: No keys were found for the following IDs: [*] ID: IYowMwYsTvdxAhn3KvnRAbCj7z2jETimRBUTgBpa (.lanset ) Did STOPDecrypter list any MAC addresses? Would it be possible to attach the log from STOPDecrypter to a reply? Quote Share this post Link to post Share on other sites
GT500 654 Report post Posted October 19, 2019 We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
