Jump to content

Recommended Posts

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

  • Upvote 1
Link to post
Share on other sites

Sometimes there can be such a situation. Check if the Notebook is the default program?
Create a simple text file on your Desktop. Write a few words there, save, close and open it renow.
What program does it open in? Is it a Notepad or a MS Word?

A ransom note should be called _readme.txt

Link to post
Share on other sites
8 hours ago, Amigo-A said:

Today the STOPDecrypter has been updated with the support of the .dutan extension
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip

This is correct, however keep in mind that it will only decrypt a victim's files if they have an offline ID. For anyone with an ID that was generated while the ransomware was connected to its command and control servers, they will have to wait for an alternate solution. Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files.

Link to post
Share on other sites

Here are the info of the STOPDecrypter

[!] No keys were found for the following IDs:
[*] ID: GPulTQCOse17a83x0IrTDl9RbLRvzrAdleqBic73 (.dutan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 68:A3:C4:DE:5B:D5
This info has also been logged to STOPDecrypter-log.txt
Link to post
Share on other sites
6 hours ago, mario.rossi said:

Here are the info of the STOPDecrypter

[!] No keys were found for the following IDs:
[*] ID: GPulTQCOse17a83x0IrTDl9RbLRvzrAdleqBic73 (.dutan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 68:A3:C4:DE:5B:D5
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future.

Link to post
Share on other sites
17 hours ago, GT500 said:

I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future.

So the only thing i can do is wait and hoping he can figure out? He needs some datas more?

Thank you very much for the support!

Link to post
Share on other sites
7 hours ago, mario.rossi said:

So the only thing i can do is wait and hoping he can figure out?

Right now waiting is the best thing you can do. Just give the creator of STOPDecrypter some time, and he'll do what he can to help you. ;)

Link to post
Share on other sites
  • 2 weeks later...
23 hours ago, mario.rossi said:

Hi, any update on this?

Nothing at the moment. The creator of STOPDecrypter is hard at work trying to help people get keys to decrypt their files. We just need to give him enough time to work out solutions for everyone.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...