Recommended Posts

Hi, all my files in D partition are encrypted with .dutan extension. I couldn't find a descrypter that handle this extension. Any one knows if there is a tool, or is developing?

Thank you very much

Share this post


Link to post
Share on other sites

You should give us more information.
Upload the ransom note here.

---

Probably, this is new variant of STOP Ransomware

There is a STOP Decrypter, but about official support for this variant has not yet been reported.

Now is the weekend. Wait for a response from the support service soon. 

 

 

Share this post


Link to post
Share on other sites

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

  • Upvote 1

Share this post


Link to post
Share on other sites

Thank you very much for the information. 
I haven't got the ransom note. I don't know if i reach delete it before they send me. But they don't leave any note.
I'm trying the STOPDecrypter. I'll update you.

 

Share this post


Link to post
Share on other sites

Sometimes there can be such a situation. Check if the Notebook is the default program?
Create a simple text file on your Desktop. Write a few words there, save, close and open it renow.
What program does it open in? Is it a Notepad or a MS Word?

A ransom note should be called _readme.txt

Share this post


Link to post
Share on other sites
8 hours ago, Amigo-A said:

Today the STOPDecrypter has been updated with the support of the .dutan extension
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip

This is correct, however keep in mind that it will only decrypt a victim's files if they have an offline ID. For anyone with an ID that was generated while the ransomware was connected to its command and control servers, they will have to wait for an alternate solution. Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files.

Share this post


Link to post
Share on other sites

Here are the info of the STOPDecrypter

[!] No keys were found for the following IDs:
[*] ID: GPulTQCOse17a83x0IrTDl9RbLRvzrAdleqBic73 (.dutan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 68:A3:C4:DE:5B:D5
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites
6 hours ago, mario.rossi said:

Here are the info of the STOPDecrypter

[!] No keys were found for the following IDs:
[*] ID: GPulTQCOse17a83x0IrTDl9RbLRvzrAdleqBic73 (.dutan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 68:A3:C4:DE:5B:D5
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites
17 hours ago, GT500 said:

I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future.

So the only thing i can do is wait and hoping he can figure out? He needs some datas more?

Thank you very much for the support!

Share this post


Link to post
Share on other sites
7 hours ago, mario.rossi said:

So the only thing i can do is wait and hoping he can figure out?

Right now waiting is the best thing you can do. Just give the creator of STOPDecrypter some time, and he'll do what he can to help you. ;)

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

Right now waiting is the best thing you can do. Just give the creator of STOPDecrypter some time, and he'll do what he can to help you. ;)

Ok thank you! But most thanks to the STOPDecrypter's creator! 
Let's hope!

Share this post


Link to post
Share on other sites
23 hours ago, mario.rossi said:

Hi, any update on this?

Nothing at the moment. The creator of STOPDecrypter is hard at work trying to help people get keys to decrypt their files. We just need to give him enough time to work out solutions for everyone.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.