Jump to content

.Kiratos Decryptor


Recommended Posts

On 7/7/2019 at 2:29 PM, Xcf said:

.kiratos virus extension

Personal ID:
072Asdju732sdfAdh1dAZcn629IyyOMmOEYoGDOmaxsTwvupU2MFl0WZV

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Link to comment
Share on other sites

  • 4 weeks later...
  • 2 months later...

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Link to comment
Share on other sites

  • 1 month later...
2 hours ago, yousef_elmalk said:

MR. GT 500

i tried to upload the same file through tool  but i faced below error 

 

Invalid file pair; encrypted file incorrect size

Your files in your screenshot are exactly the same size. This suggests that you may have made a copy of the encrypted file, removed .kiratos from the name, and tried to use it as your original file in your file pair. This won't work, as the original file can't be encrypted.

Link to comment
Share on other sites

16 hours ago, yousef_elmalk said:

i tried again by selecting the original files without copy and again after removing KIRATOS letter , but the same result ,

Those are errors on files in your recycle bin.

Did the decrypter actually decrypt any of your other files (documents, music, pictures, etc)?

Link to comment
Share on other sites

Yes, all data had infected 

documents, music, pictures, videos, games ... etc.

Those are errors on files in your recycle bin,   i will remove any data inside it and try again 

 


File: C:\Users\Z\Desktop\elle est d'ailleurs.mp3.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: C:\Users\Z\Desktop\IMG_0186.JPG.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: C:\Users\Z\Desktop\Lara Fabian - Adagio (English) Live.mp3.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\sales.xlsx.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\post malone rockstar.MP3.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\Rockstar feat 21savage.mp3.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

File: E:\WhatsApp Image 2019-04-22 at 8.16.24 PM.jpeg.kiratos.zyaspgnf.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

Link to comment
Share on other sites

Most of those files appear to have been encrypted 3 times (twice by STOP/Djvu, and once by something else).

 

18 hours ago, yousef_elmalk said:

File: E:\Rockstar feat 21savage.mp3.kiratos
Error: Unable to decrypt file with ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT

This should be decryptable if you are able to supply file pairs for an MP3 file.

Link to comment
Share on other sites

  • 2 weeks later...

dear MR.GT 500

many of original files are not exist now, it was encrypted, such as my photos, so there is no original files are available, the problem on those files , i donot worry about any files available on internet like songs as i can download it again, my problem in those files that i can never find it again.

so kindly advice 

Link to comment
Share on other sites

5 hours ago, yousef_elmalk said:

i donot worry about any files available on internet like songs as i can download it again

If you have files you've downloaded that have been encrypted, and you can re-download the originals, then you can use them as your files pairs to help you recover some of your other files. This will work with many types of files, however it won't work with JPEG/JPG pictures, as there's an oddity with the JPEG file format that requires the pictures used in the file pair to be from the same source as the pictures you want to decrypt.

Link to comment
Share on other sites

  • 5 months later...

Please help me with the  kiratos ransomware

[!] No keys were found for the following IDs:
[*] ID: nnIfl4Ey56gYqnkwIYvrAjRTStvfQNUpCtdbuKgR (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: , 00:FF:F3:46:65:7E, 44:87:FC:5A:57:D8
This info has also been logged to STOPDecrypter-log.txt

 

Link to comment
Share on other sites

  • 1 month later...
5 hours ago, ahmed0z0 said:

help me please 

personal ID:
072Asdju732sdfAdhnChN25eVzBdHUsgvENJ6On1xmCy0MEyouWG2PAYE

You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to comment
Share on other sites

  • 2 months later...
9 hours ago, alirezacr2 said:

Your personal ID:
072Asdju732sdfAdhSQNVUE6ib8ZCcAdENgPBSQ6u0HkIljoOG0BtNcwI

This is an older variant of the STOP/Djvu ransomware. There is more information (and a decrypter download) at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

You'll need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files.

Link to comment
Share on other sites

3 hours ago, GT500 said:

This is an older variant of the STOP/Djvu ransomware. There is more information (and a decrypter download) at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

You'll need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files.

i dont know how i have to fix my problem and i tested the djvu decrypter. please help me

Link to comment
Share on other sites

3 hours ago, GT500 said:

This is an older variant of the STOP/Djvu ransomware. There is more information (and a decrypter download) at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

You'll need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files.

https://decrypter.emsisoft.com/submit/stopdjvu/ i went here but if i had the original file of my encrypted file i didnt come to you for fixing

Link to comment
Share on other sites

16 hours ago, alirezacr2 said:

can you build a decrypter for me ?

No, we already have a decrypter. You'll need to have original copies of at least a few encrypted files available in order for our servers to generate a keystream for the decrypter to use.

Check anywhere you may have saved or sent files in the past. Check your phone, memory cards, USB flash drives or hard drives. Also check websites you may have uploaded files to such as social media, file sharing networks, e-mail or other messaging services, etc. You can also ask friends and family who you may have shared files with to see if they have original copies of any of your encrypted files.

Link to comment
Share on other sites

  • 2 weeks later...
7 hours ago, Michlos said:

File: D:\BACKUP MICHLOS PROJETOS\Achei Pra VC\Projeto\SQL FILES\01 - Create Databank.sql.kiratos
Error: Unable to decrypt Old Variant ID: OFHUhlnyj1ofHqYcTuFXbtkE8MAiSpBDvlJVeFBa
First 5 bytes: 2D2D2F2F43

You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  • Like 1
Link to comment
Share on other sites

On 9/23/2020 at 1:47 AM, GT500 said:

You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Tnks GT.

I uploaded the files. But, I was able to decrypt just one XML file.

I will w8 for an other emsisoft compiller to try it again.

 

Link to comment
Share on other sites

5 hours ago, Michlos said:

I will w8 for an other emsisoft compiller to try it again.

There are no plans for any changes to this system.

What kind of files are you trying to decrypt? Plain text files are usually not decryptable, as they would need to share the same first 5 bytes with the file pair you use (this is why the decrypter tells you the first 5 bytes of every encrypted file it can't decrypt), and plain text files only share the same first 5 bytes with other files if they start with the same 5 or 6 characters.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...