Ghadir

Sarut files

By Ghadir, in Help, my files are encrypted!

Recommended Posts

Ghadir    0

Ghadir
Posted

[!] No keys were found for the following IDs:
[*] ID: eopLk8km8mho7OZpdmseOsLi0fFK2XYrjixHjGKp (.sarut )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 34:E6:D7:30:FF:C5, D8:FC:93:48:88:B7, D8:FC:93:48:88:B6, D8:FC:93:48:88:BA
This info has also been logged to STOPDecrypter-log.txt

please help me decrypt sarut files😭

Share this post

Link to post
Share on other sites

GT500    574

GT500
Posted

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

  • Thanks 1

Share this post

Link to post
Share on other sites

GVP    0

GVP
Posted

[+] Loaded 52 offline keys
Please archive the following info in case of future decryption:
[*] MACs: C0:CB:38:94:D0:80, C0:CB:38:94:D0:80
This info has also been logged to STOPDecrypter-log.txt

Share this post

Link to post
Share on other sites

Amigo-A    35

Amigo-A
Posted

@GVP

Hello. See the first post of the topic. Compare the texts. 
You did not specify the ID and the extension, that your files received after encryption.

Try running the STOPDecrypter again and copy information from him.

Share this post

Link to post
Share on other sites

Amigo-A    35

Amigo-A
Posted

@Ghadir

@GVP

A malicious program can leave Trojans and stealers of personal information on your PC after its work.

It is configured to cause the most harm and can work secretly for a long time.

Check PC with Emsisoft Emergency Kit to exclude re-encryption: 
http://www.emsisoft.com/en/software/eek/

Only do not select the option to delete files in quarantine, so that experts can see the result later.

Share this post

Link to post
Share on other sites

GT500    574

GT500
Posted
On 7/6/2019 at 6:34 AM, GVP said:

[+] Loaded 52 offline keys
Please archive the following info in case of future decryption:
[*] MACs: C0:CB:38:94:D0:80, C0:CB:38:94:D0:80
This info has also been logged to STOPDecrypter-log.txt

That information is missing your ID. If you look in your Download folder, there should be a folder named "STOPDecrypter". Inside that folder should be a file named "STOPDecrypter-log". Would it be possible for you to attach that log to a reply for me to review it?

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.