Ghadir 0 Posted May 8, 2019 Report Share Posted May 8, 2019 [!] No keys were found for the following IDs: [*] ID: eopLk8km8mho7OZpdmseOsLi0fFK2XYrjixHjGKp (.sarut ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 34:E6:D7:30:FF:C5, D8:FC:93:48:88:B7, D8:FC:93:48:88:B6, D8:FC:93:48:88:BA This info has also been logged to STOPDecrypter-log.txt please help me decrypt sarut filesš Quote Link to post Share on other sites
GT500 854 Posted May 8, 2019 Report Share Posted May 8, 2019 That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter 1 Quote Link to post Share on other sites
GVP 0 Posted July 6, 2019 Report Share Posted July 6, 2019 [+] Loaded 52 offline keys Please archive the following info in case of future decryption: [*] MACs: C0:CB:38:94:D0:80, C0:CB:38:94:D0:80 This info has also been logged to STOPDecrypter-log.txt Quote Link to post Share on other sites
Amigo-A 136 Posted July 7, 2019 Report Share Posted July 7, 2019 @GVP Hello. See the first post of the topic. Compare the texts.Ā You did not specify the ID and the extension, that your files received after encryption. Try running the STOPDecrypter again and copy information from him. Quote Link to post Share on other sites
Amigo-A 136 Posted July 7, 2019 Report Share Posted July 7, 2019 @Ghadir @GVP A malicious program can leave Trojans and stealersĀ of personal information on your PC after its work. It is configured to cause the most harm and can work secretly for a long time. Check PC with Emsisoft Emergency Kit to exclude re-encryption:Ā http://www.emsisoft.com/en/software/eek/ Only do not select the option to delete files in quarantine, so that experts can see the result later. Quote Link to post Share on other sites
GT500 854 Posted July 9, 2019 Report Share Posted July 9, 2019 On 7/6/2019 at 6:34 AM, GVP said: [+] Loaded 52 offline keys Please archive the following info in case of future decryption: [*] MACs: C0:CB:38:94:D0:80, C0:CB:38:94:D0:80 This info has also been logged to STOPDecrypter-log.txt That information is missing your ID. If you look in your Download folder, there should be a folder named "STOPDecrypter". Inside that folder should be a file named "STOPDecrypter-log". Would it be possible for you to attach that log to a reply for me to review it? Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.