Alvnn 0 Posted April 26, 2019 Report Share Posted April 26, 2019 My data encrypted by .kiratos format file, please help me Quote Link to post Share on other sites
GT500 854 Posted April 26, 2019 Report Share Posted April 26, 2019 That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter Quote Link to post Share on other sites
GT500 854 Posted April 26, 2019 Report Share Posted April 26, 2019 I just realized that Demonslay335 told me he'd already contacted you. He's the one who made STOPDecrypter, and he may be able to help you figure out the private key to decrypt your files. Quote Link to post Share on other sites
Dut 0 Posted April 27, 2019 Report Share Posted April 27, 2019 9 hours ago, GT500 said: That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter "[+] File: E:\2019\Pablo\Para fazer.xlsx.kiratos [-] No key for ID: BWsnZhluSQB9yBIuHtScQZG0SsW1HiUZV3rEo6g3 (.kiratos )" Can I recover my files? :( Quote Link to post Share on other sites
Lolo3916 0 Posted April 27, 2019 Report Share Posted April 27, 2019 Hi my friend. Demonslay335 helped me and all .kiratos encrypted files now decrypted Thanks for Demonslay335 Sure he will help you. Quote Link to post Share on other sites
GT500 854 Posted April 28, 2019 Report Share Posted April 28, 2019 On 4/27/2019 at 3:14 AM, Dut said: "[+] File: E:\2019\Pablo\Para fazer.xlsx.kiratos [-] No key for ID: BWsnZhluSQB9yBIuHtScQZG0SsW1HiUZV3rEo6g3 (.kiratos )" Can I recover my files? There's a possibility that if you can get your MAC addresses to Demonslay335 fast enough that he may be able to help you. There's a batch file that can make this easier for you. Just download the ZIP archive at the following link, open it, double-click on the Get_MAC_Addresses file in the folder that opens, and it will save a new file on your Desktop named MAC_Addresses which you can attach to a private message to Demonslay335:https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip While the batch file is running it will open a black window on your screen, and once that black window is gone the batch file will be done. Quote Link to post Share on other sites
GT500 854 Posted April 28, 2019 Report Share Posted April 28, 2019 On 4/27/2019 at 3:14 AM, Dut said: "[+] File: E:\2019\Pablo\Para fazer.xlsx.kiratos [-] No key for ID: BWsnZhluSQB9yBIuHtScQZG0SsW1HiUZV3rEo6g3 (.kiratos )" Sorry, I overlooked that Demonslay335 already told me he'd helped you. Feel free to ignore my previous post. Quote Link to post Share on other sites
Jonathan 0 Posted May 22, 2019 Report Share Posted May 22, 2019 I have the same problem, i tryed to use STOPDecrypter but he not decrypt everything, my virus it's .Ferosas, someone can help me? Quote Link to post Share on other sites
GT500 854 Posted May 22, 2019 Report Share Posted May 22, 2019 1 hour ago, Jonathan said: I have the same problem, i tryed to use STOPDecrypter but he not decrypt everything, my virus it's .Ferosas, someone can help me? This is a variant of the STOP ransomware. STOPDecrypter more than likely won't be able to recover your files, however it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter Quote Link to post Share on other sites
GT500 854 Posted May 22, 2019 Report Share Posted May 22, 2019 FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Quote Link to post Share on other sites
Jayce Lawrie 0 Posted August 5, 2019 Report Share Posted August 5, 2019 When I used the Stop Decrypter to decrypt kiratos encrypted files this is the message I got can anyone figure this out for me please?? **************************************************************************************** [-]No key for ID:Fgfr769uf97ieBAz6oyIIcaoln2Rt07bYq5NrQ5C(.kiratos) Decrypted 0 files! skipped 1 files. [!]No keys were found for for the following IDs: [*] ID:Fgfr769uf97ieBAz6oyIIcaoln2Rt07bYq5NrQ5C(.kiratos) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MAC: 00:23:4D:94:B9:61 [*] MAC: 00:23:4D:94:B9:61 [*] MAC: 00:23:4D:94:39:61 [*] MAC: 00:21:9B:F4:4B:35 This info has also been logged to STOPDecrypter-log.txt ********************************************************************************************* Quote Link to post Share on other sites
GT500 854 Posted August 6, 2019 Report Share Posted August 6, 2019 @Jayce Lawrie that looks like an older STOPDecrypter log. Did you already send your information to @Demonslay335? Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.