mario.rossi 0 Report post Posted May 4, 2019 Hi, all my files in D partition are encrypted with .dutan extension. I couldn't find a descrypter that handle this extension. Any one knows if there is a tool, or is developing? Thank you very much Quote Share this post Link to post Share on other sites
Amigo-A 83 Report post Posted May 4, 2019 You should give us more information. Upload the ransom note here. --- Probably, this is new variant of STOP Ransomware. There is a STOP Decrypter, but about official support for this variant has not yet been reported. Now is the weekend. Wait for a response from the support service soon. Quote Share this post Link to post Share on other sites
GT500 737 Report post Posted May 6, 2019 That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter 1 Quote Share this post Link to post Share on other sites
Amigo-A 83 Report post Posted May 7, 2019 mario.rossi Today the STOPDecrypter has been updated with the support of the .dutan extensionhttps://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Try decrypting some files first by making a copy of them for test. 1 Quote Share this post Link to post Share on other sites
mario.rossi 0 Report post Posted May 7, 2019 Thank you very much for the information. I haven't got the ransom note. I don't know if i reach delete it before they send me. But they don't leave any note. I'm trying the STOPDecrypter. I'll update you. Quote Share this post Link to post Share on other sites
Amigo-A 83 Report post Posted May 7, 2019 Sometimes there can be such a situation. Check if the Notebook is the default program? Create a simple text file on your Desktop. Write a few words there, save, close and open it renow. What program does it open in? Is it a Notepad or a MS Word? A ransom note should be called _readme.txt Quote Share this post Link to post Share on other sites
GT500 737 Report post Posted May 8, 2019 8 hours ago, Amigo-A said: Today the STOPDecrypter has been updated with the support of the .dutan extensionhttps://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip This is correct, however keep in mind that it will only decrypt a victim's files if they have an offline ID. For anyone with an ID that was generated while the ransomware was connected to its command and control servers, they will have to wait for an alternate solution. Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files. Quote Share this post Link to post Share on other sites
mario.rossi 0 Report post Posted May 8, 2019 Here are the info of the STOPDecrypter [!] No keys were found for the following IDs: [*] ID: GPulTQCOse17a83x0IrTDl9RbLRvzrAdleqBic73 (.dutan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 68:A3:C4:DE:5B:D5 This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
mario.rossi 0 Report post Posted May 8, 2019 Here is the ransom note. The default application for .txt is notepad _readme.txt Quote Share this post Link to post Share on other sites
GT500 737 Report post Posted May 8, 2019 6 hours ago, mario.rossi said: Here are the info of the STOPDecrypter [!] No keys were found for the following IDs: [*] ID: GPulTQCOse17a83x0IrTDl9RbLRvzrAdleqBic73 (.dutan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 68:A3:C4:DE:5B:D5 This info has also been logged to STOPDecrypter-log.txt I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future. Quote Share this post Link to post Share on other sites
mario.rossi 0 Report post Posted May 9, 2019 17 hours ago, GT500 said: I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future. So the only thing i can do is wait and hoping he can figure out? He needs some datas more? Thank you very much for the support! Quote Share this post Link to post Share on other sites
GT500 737 Report post Posted May 9, 2019 7 hours ago, mario.rossi said: So the only thing i can do is wait and hoping he can figure out? Right now waiting is the best thing you can do. Just give the creator of STOPDecrypter some time, and he'll do what he can to help you. Quote Share this post Link to post Share on other sites
mario.rossi 0 Report post Posted May 10, 2019 4 hours ago, GT500 said: Right now waiting is the best thing you can do. Just give the creator of STOPDecrypter some time, and he'll do what he can to help you. Ok thank you! But most thanks to the STOPDecrypter's creator! Let's hope! Quote Share this post Link to post Share on other sites
mario.rossi 0 Report post Posted May 21, 2019 Hi, any update on this? Quote Share this post Link to post Share on other sites
GT500 737 Report post Posted May 22, 2019 23 hours ago, mario.rossi said: Hi, any update on this? Nothing at the moment. The creator of STOPDecrypter is hard at work trying to help people get keys to decrypt their files. We just need to give him enough time to work out solutions for everyone. Quote Share this post Link to post Share on other sites
