moderashd

Kiratos Ransomware Infected


Two days ago my laptop started installing software by itself and opening ad pages. It kept on installing and doing the same. At the time I did not know what was going on. I never open emails unknown to me; however, it started after I disabled the antivirus, as I was about to change the antivirus software. It did not affect any files on my Windows drive. However, it has infected all the files on my second drive (attached picture). I have loads of pictures on this drive and these are very important memories. Please help me find a solution.

Kiratos Encrypted file.JPG

This is more than likely a variant of the STOP/Djvu ransomware. The time window for being able to figure out decryption keys for the .kiratos variant has passed; however, you can still send us your ID and MAC addresses if you would like the information to be archived in case there's a possibility of figuring out your decryption key at some point in the future. You can follow the instructions at the link below for getting this information with STOPDecrypter if you'd like to do this:
https://kb.gt500.org/stopdecrypter


Thank you for your valuable time to help us find a solution. Below are the details I got from STOPDecrypter.

[!] No keys were found for the following IDs:
[*] ID: jpEPrhj17Fc672R4bJVd8ZGLPdg5Pec79XmYdzlD (.kiratos )
[*] ID: e4Z7Ued2uSyQfbA7vS8VKtF2dGKGH8qEQ4E1Uht1 (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 18:03:73:85:45:13
[*] MAC: AC:72:89:88:3B:14
[*] MAC: AC:72:89:88:3B:18
 

7 hours ago, moderashd said:

[*] ID: jpEPrhj17Fc672R4bJVd8ZGLPdg5Pec79XmYdzlD (.kiratos )
[*] ID: e4Z7Ued2uSyQfbA7vS8VKtF2dGKGH8qEQ4E1Uht1 (.kiratos )

One of these is an offline ID; however, the other one is not. I will send you information in a private message for the offline ID, and I will pass your information on to the creator of STOPDecrypter for the other one.

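As an added illustration that is not part of the original thread or of STOPDecrypter: a small Python parser for output in the format quoted above that separates IDs from MAC addresses, labels each ID offline or online, and flags values that look truncated before they are archived. The "t1" suffix rule for offline IDs comes from public STOP/Djvu write-ups rather than from this thread; the function name, the 40-character ID check (matching the length of the IDs shown above) and the sample log are assumptions made for the example.

```python
import re

# Constructed sample in the layout of the STOPDecrypter output quoted in this
# thread; every ID and MAC address below is made up for the example.
SAMPLE_LOG = """\
[!] No keys were found for the following IDs:
[*] ID: AAAAbbbbCCCCddddEEEEffffGGGGhhhhIIIIjjjj (.kiratos )
[*] ID: 0000111122223333444455556666777788889At1 (.kiratos )
[*] ID: tooShortt1 (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 02:00:00:AA:BB:01
[*] MAC: 02:00:00:aa:bb:01
"""

# Assumption: IDs are 40 alphanumeric characters, as in the thread's output.
ID_LINE = re.compile(r"^\[\*\] ID: ([0-9A-Za-z]{40}) \(\s*(\.\w+)\s*\)$")
MAC_LINE = re.compile(r"^\[\*\] MAC: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})$")

def triage(log_text):
    """Return (ids, macs, rejected) parsed from STOPDecrypter-style output."""
    ids, macs, rejected = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("[*]"):
            continue  # header and instruction lines carry no values
        m = ID_LINE.match(line)
        if m:
            victim_id, ext = m.groups()
            # Assumption (public STOP/Djvu write-ups): offline IDs end in "t1".
            kind = "offline" if victim_id.endswith("t1") else "online"
            entry = {"id": victim_id, "extension": ext, "kind": kind}
            if entry not in ids:
                ids.append(entry)
            continue
        m = MAC_LINE.match(line)
        if m:
            mac = m.group(1).upper()  # normalise case so duplicates collapse
            if mac not in macs:
                macs.append(mac)
            continue
        rejected.append(line)  # truncated or mistyped value: recheck the source
    return ids, macs, rejected

if __name__ == "__main__":
    found_ids, found_macs, bad = triage(SAMPLE_LOG)
    for e in found_ids:
        print(e["kind"], e["extension"], e["id"])
    print("MACs:", found_macs, "| rejected:", bad)
```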