Jump to content

kiratos attack

Recommended Posts

Any files encrypted with the .kiratos extension are related to a newer variant of STOP (DJVU) Ransomware.

Please read the first page here for a summary of this ransomware, it's variants and possible decryption solutions with instructions
AND the
***IMPORTANT: @ ALL VICTIMS.... note at the top. "Before asking questions...PLEASE READ these Frequently Asked Questions (FAQs)."

You need to post the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above topic if STOPDecrypter is unable to decrypt your files so the developer, Demonslay335 (Michael Gillespie), can archive your information in case a future solution becomes available.

Link to comment
Share on other sites

STOPDecrypter is unable to decrypt the files.

Please find below the required information: 

ID: e4Z7Ued2uSyQfbA7vS8VKtF2dGKGH8qEQ4E1Uht1 (.kiratos )
[*] ID: e4Z7Ued2uSyQfbA7vS8VKtF2dGKGH8qEQ4E1Uht1 (.pdf )

[*] MAC: 5E:93:A2:E9:0C:C5
[*] MAC: 00:FF:72:52:C9:D4
[*] MAC: 5C:93:A2:E9:0C:C6
[*] MAC: 1E:93:A2:E9:0C:C5
[*] MAC: 5C:93:A2:E9:0C:C5
[*] MAC: 00:FF:CE:51:A2:42
[*] MAC: 68:F7:28:25:EE:63
[*] MAC: 00:50:56:C0:00:01
[*] MAC: 00:50:56:C0:00:08

Link to comment
Share on other sites

8 hours ago, Mehdi Ben Amor said:

ID: e4Z7Ued2uSyQfbA7vS8VKtF2dGKGH8qEQ4E1Uht1 (.kiratos )

That's an offline ID, however support for it has yet to be added to STOPDecrypter. I'm going to send you a private message with more information.

Link to comment
Share on other sites

  • 5 months later...

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...