Recommended Posts

اصيب حاسبي بفيروس امتداده .stone

وتشفرت جميع الملفات 

وأحتاج حل غير الفورمات لضرورة عملي

Share this post


Link to post
Share on other sites

Hello

It is advisable alwais to translate your text into English, so that most experts understand. Use Google translator.
Arabic language and letter is very different from other languages and we will not be able talking.

Google translator helped us understand your text along with the word .stone

 

Share this post


Link to post
Share on other sites
Quote

All files are encrypted with .stone extension

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017, this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues.
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected.

Demonslay335  (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.

To identify this Ransomware and confirm my information, you can use the service ID Ransomware.
He will give you a link to the support topic on the BleepingComputer forum, you need to read the first post of the topic and inform the requested information there or here -  Mac-address of network device. 

---

If STOPDecrypter can't recover your files, then it can be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Share this post


Link to post
Share on other sites

The support team will review the logs and tell you what to do.

Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.

Share this post


Link to post
Share on other sites

I want to say a VERY VERY VERY BIG THANK YOU to all the administrators of this website and the person(s) who made the STOPDecrypter. I just read Amigo-A's reply like 4 minutes ago, downloaded the decrypter and right now I'm decrypting my files. They happened to be the Djvu variant with the .stone extension. I've been searching since last week Saturday when I had the attack.

Once again, thank you very much. I'm grateful.

Share this post


Link to post
Share on other sites

I'm happy for you. It helps if an offline key was found and added to the decryptor.
Files encrypted with online keys can only be decrypted by extortionists.

Share this post


Link to post
Share on other sites

Please help

[!] No keys were found for the following IDs:
[*] ID: FjofVwRjqWhl4z02lIlCQxukXb6y62nM2NYrnjfD (.stone )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: C4:34:6B:4B:7D:A2, 1A:EE:65:CB:59:0E, 2A:EE:65:CB:59:0E, 4A:EE:65:CB:59:0E, B8:EE:65:CB:59:0E, B8:EE:65:CB:9A:AE
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites
11 hours ago, Akkhilraj said:

[!] No keys were found for the following IDs:
[*] ID: FjofVwRjqWhl4z02lIlCQxukXb6y62nM2NYrnjfD (.stone )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: C4:34:6B:4B:7D:A2, 1A:EE:65:CB:59:0E, 2A:EE:65:CB:59:0E, 4A:EE:65:CB:59:0E, B8:EE:65:CB:59:0E, B8:EE:65:CB:9A:AE
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Share this post


Link to post
Share on other sites

[+] Loaded 43 offline keys
Please archive the following info in case of future decryption:
[*] ID: BU8tOHiCk33ytmiA6EEYDhkduUbKttiPGzKiciY5
[*] MACs: 00:FF:89:E2:0E:BD, 24:EC:99:E0:56:B8, 00:8C:FA:23:F9:6B, 24:EC:99:E0:56:B8
This info has also been logged to STOPDecrypter-log.txt
 

Share this post


Link to post
Share on other sites
7 hours ago, Geopet said:

[+] Loaded 43 offline keys
Please archive the following info in case of future decryption:
[*] ID: BU8tOHiCk33ytmiA6EEYDhkduUbKttiPGzKiciY5
[*] MACs: 00:FF:89:E2:0E:BD, 24:EC:99:E0:56:B8, 00:8C:FA:23:F9:6B, 24:EC:99:E0:56:B8
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.