Recommended Posts

HI Guys,

Using your latest STOPRansomware , need help with these :

Unidentified ID: hSGZAhPjkQfF7stvJC3swWpUKWH7UtDnqpZp94ko (.jpg )
Unidentified ID: hSGZAhPjkQfF7stvJC3swWpUKWH7UtDnqpZp94ko (.kiratos )
MAC: FA:28:19:EF:5D:89

any help will be highly appreciated

Thanks..

ps:  sorry for my bad english

Share this post


Link to post
Share on other sites

There's a batch file that you can use to get the MAC addresses quickly. If you'd like to try it, you can download the ZIP archive from the following link:
https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip

Simply download it, open it, and double-click the Get_MAC_Addresses file in the folder that appears. A black window will open and then close, and once that happens the batch file is done. You'll find a new file on your Desktop named MAC_Addresses which you can send to Demonslay335 so that he can try to figure out your decryption key.

Note that the quicker you can get him this information, the better your chances of being able to recover your files.

Share this post


Link to post
Share on other sites

need help for kiratos too.. 

here my mac and personal id 

MAC: 
D0:50:99:86:A6:4B

personal ID:
072Asdju732sdfAdhNmICd235UhnVWtKObZj9euyn8BtbejvDsafO34bq

thanks

Share this post


Link to post
Share on other sites

@Demonslay335 ! Just infected with .kiratos ransomware encryption virus. 
personal ID:
072Asdju732sdfAdhFGNZkCQSiUYfQgC8zNc4XAf
mac: 
50-E5-49-8F-F4-C1  

Share this post


Link to post
Share on other sites
8 hours ago, GT500 said:

There's a batch file that you can use to get the MAC addresses quickly. If you'd like to try it, you can download the ZIP archive from the following link:
https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip

Simply download it, open it, and double-click the Get_MAC_Addresses file in the folder that appears. A black window will open and then close, and once that happens the batch file is done. You'll find a new file on your Desktop named MAC_Addresses which you can send to Demonslay335 so that he can try to figure out your decryption key.

Note that the quicker you can get him this information, the better your chances of being able to recover your files.

Help me please! 

need help for kiratos too.. 

here my mac and personal id 

MAC: 
28:F1:0E:4B:9A:3C

personal ID:
072Asdju732sdfAdhZjqPRPyO34YFCjA18Kj9IsdseMEnOJrWNhuoEez4

Share this post


Link to post
Share on other sites
On ‎4‎/‎28‎/‎2019 at 10:31 AM, Demonslay335 said:

Please follow the instructions in the BleepingComputer support topic to give me all of the MAC addresses of the infected PC.

Connection Name Network Adapter Physical Address    Transport Name                                           
=============== =============== =================== ==========================================================
Ethernet        Realtek PCIe FE 74-E6-E2-30-D1-B7   Media disconnected                                       
Wi-Fi           Broadcom 802.11 10-08-B1-CC-67-5D   \Device\Tcpip_{6D930E6D-D860-403B-8393-6A40BA134970}     
Bluetooth Netwo Bluetooth Devic 10-08-B1-CC-67-5E   Media disconnected                                       
 

Share this post


Link to post
Share on other sites

I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.

Yes Sir,

Thanks for your kindness..

Hopefully I find a way out from this problem soon.

Best Regard,

Gurit Hamboro

 

Share this post


Link to post
Share on other sites

Please help me Sir Demonslay335,☹️

Here's my MAC ADD : A4:1F:72:52:08:44

ID number : 072Asdju732sdfAdhNfAjLViU2VDDBxEgZOOROjyvmprZ4ovJ6MrBfjDR

Thank you in advance Sir,

_readme.txt

Share this post


Link to post
Share on other sites
19 hours ago, SAIWU said:

Please help me Sir Demonslay335,☹️

Here's my MAC ADD : A4:1F:72:52:08:44

ID number : 072Asdju732sdfAdhNfAjLViU2VDDBxEgZOOROjyvmprZ4ovJ6MrBfjDR

Thank you in advance Sir,

_readme.txt 1.14 kB · 1 download

.kiratos? Or another variant of STOP/Djvu?

Share this post


Link to post
Share on other sites
20 hours ago, SAIWU said:

Kiratos Sir, 

OK. I've already sent your information to the creator of STOPDecrypter, and he'll archive it in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Hey, i need help with decrypting my files .kiratos that was infected 

personal ID:
072Asdju732sdfAdhta0hOtzBPDV6XnIJ4P1ua40YEaqy9t5kQWJZdp7x

Mac Addresses

Intel(R) Centri 24-77-03-73-E0-48   \Device\Tcpip_{C3B7C206-55A8-49B3-AB26-E5638A95C004}

Share this post


Link to post
Share on other sites
On 5/5/2019 at 7:53 AM, ArifMaz said:

Hey, i need help with decrypting my files .kiratos that was infected 

personal ID:
072Asdju732sdfAdhta0hOtzBPDV6XnIJ4P1ua40YEaqy9t5kQWJZdp7x

Mac Addresses

Intel(R) Centri 24-77-03-73-E0-48   \Device\Tcpip_{C3B7C206-55A8-49B3-AB26-E5638A95C004}

I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Hello there my files are encrypted with kiratos ! 

Connection Name Network Adapter Physical Address    Transport Name                                            
=============== =============== =================== ==========================================================
Local Area Conn Qualcomm Athero 08-62-66-4F-FD-08   \Device\Tcpip_{E3E745AA-927B-4A3E-9C2A-99C2650A7272}      
Local Area Conn Kaspersky Secur 00-FF-1F-FD-95-9F   Media disconnected   

Share this post


Link to post
Share on other sites
14 hours ago, Parthshah19 said:

Hello there my files are encrypted with kiratos ! 

We'll need the ID from one of the ransom notes as well. They should have a name like _readme (or something similar to this).

Share this post


Link to post
Share on other sites

haloo

my another pc already infectedby kiratos ransomware

 

here is details

 

----------------------------------------
STOPDecrypter v2.1.0.2
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
 
No key for ID:tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
Unidentified ID: tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
MACs: 18:31:BF:6B:D4:B5
Decrypted 1 files, skipped 9
 
Your personal ID:
072Asdju732sdfAdhtIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1
 
 
thank you boss..

Share this post


Link to post
Share on other sites
14 hours ago, sait said:
No key for ID:tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
Unidentified ID: tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
MACs: 18:31:BF:6B:D4:B5
Decrypted 1 files, skipped 9

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.