Gurit Hamboro

.Kiratos Decryptor

By Gurit Hamboro, in Help, my files are encrypted!

Recommended Posts

GT500    593

GT500
Posted
On 7/7/2019 at 2:29 PM, Xcf said:

.kiratos virus extension

Personal ID:
072Asdju732sdfAdh1dAZcn629IyyOMmOEYoGDOmaxsTwvupU2MFl0WZV

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted
3 hours ago, yousef_elmalk said:

is there any feedback MR GT500?

None yet. We're still working hard on this ransomware though, so please don't give up yet. We haven't. :)

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted
9 hours ago, yousef_elmalk said:

is there anything is needed from my side MR.GT 500?

Just some more patients. Even though it's taking a lot of time, we haven't given up yet.

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Share this post

Link to post
Share on other sites

ilterish    0

ilterish
Posted
On 5/4/2019 at 2:06 AM, GT500 said:

OK. I've already sent your information to the creator of STOPDecrypter, and he'll archive it in case he is able to figure out your decryption key at some point in the future.

Sir No remedy for peet virus? 😭

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted
2 hours ago, yousef_elmalk said:

MR. GT 500

i tried to upload the same file through tool  but i faced below error 

 

Invalid file pair; encrypted file incorrect size

Your files in your screenshot are exactly the same size. This suggests that you may have made a copy of the encrypted file, removed .kiratos from the name, and tried to use it as your original file in your file pair. This won't work, as the original file can't be encrypted.

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted
16 hours ago, yousef_elmalk said:

i tried again by selecting the original files without copy and again after removing KIRATOS letter , but the same result ,

Those are errors on files in your recycle bin.

Did the decrypter actually decrypt any of your other files (documents, music, pictures, etc)?

Share this post

Link to post
Share on other sites

yousef_elmalk    0

yousef_elmalk
Posted

Yes, all data had infected 

documents, music, pictures, videos, games ... etc.

Those are errors on files in your recycle bin,   i will remove any data inside it and try again 

 


File: C:\Users\Z\Desktop\elle est d'ailleurs.mp3.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: C:\Users\Z\Desktop\IMG_0186.JPG.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: C:\Users\Z\Desktop\Lara Fabian - Adagio (English) Live.mp3.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\sales.xlsx.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\post malone rockstar.MP3.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\Rockstar feat 21savage.mp3.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\WhatsApp Image 2019-04-22 at 8.16.24 PM.jpeg.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted

Most of those files appear to have been encrypted 3 times (twice by STOP/Djvu, and once by something else).

 

18 hours ago, yousef_elmalk said:

File: E:\Rockstar feat 21savage.mp3.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

This should be decryptable if you are able to supply file pairs for an MP3 file.

Share this post

Link to post
Share on other sites

yousef_elmalk    0

yousef_elmalk
Posted

dear MR.GT 500

many of original files are not exist now, it was encrypted, such as my photos, so there is no original files are available, the problem on those files , i donot worry about any files available on internet like songs as i can download it again, my problem in those files that i can never find it again.

so kindly advice 

Share this post

Link to post
Share on other sites

GT500    593

GT500
Posted
5 hours ago, yousef_elmalk said:

i donot worry about any files available on internet like songs as i can download it again

If you have files you've downloaded that have been encrypted, and you can re-download the originals, then you can use them as your files pairs to help you recover some of your other files. This will work with many types of files, however it won't work with JPEG/JPG pictures, as there's an oddity with the JPEG file format that requires the pictures used in the file pair to be from the same source as the pictures you want to decrypt.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.