Norddine

my file have crypted and become .stone

Recommended Posts

My P.C has been pirated and all my files got the extenstion . stone and I got a notepad message asking me to pay a sum of money to be able to get back my files. below is the message

TTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-4Orti6OnRT
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Your personal ID:
092aUShd36487GSYfsdfOOqf5MmKYGhef0kpRGrshoRDoY4IKzSXCrQ5yCy7

 

!!!RESTORE_DATA!!!.txt.stone

Please help me get my files back

Norddine lembardi

[email protected]

 

Share this post


Link to post
Share on other sites

Hi. My PC got hacked and all my files are encrypted. All of them end up with. Stone. The doer sent me a message asking for a ransom to decrypt them. Please I need your help

Share this post


Link to post
Share on other sites

That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
https://id-ransomware.malwarehunterteam.com/

While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites
Quote

extension .stone

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. The malware variant of STOP ransomware, which has been encrypted files and added the .stone extension to them, was active in November-December 2018.
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. 

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible.

Download STOP Decrypter >>>

First try to decrypt a small group of files, only  make copies of them before this.

If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

 

Share this post


Link to post
Share on other sites

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Share this post


Link to post
Share on other sites

I was able to decrypt 90% of .stone files with STOPDecryptor, but they all mostly unimportant media files (images, songs, videos). Still most of my imortant PDFs, Excels, JPEGs are not recovered. What could be the problem. I was trying since 50 odd offline keys, it worked when 87 offline keys available. Now no further developemtn in STOPDecryptor, is there any hope.

The latest decrypt_STOPDjvu not at all working with my .stone files.

 

 

ATTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-4Orti6OnRT
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Your personal ID:
092aUShd36487GSYfsdf75WDQBcpIw6esW53w5KYpq6rtiCmhg2giWxWcGTj

Share this post


Link to post
Share on other sites
11 hours ago, Nivas said:

Now no further developemtn in STOPDecryptor, is there any hope.

STOPDecrypter was retired in favor of a new decrypter. You can find more information at the following links:

https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ (our original announcement)

https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/ (instructions can be found in this article)

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ (further information, links, etc)

Note that you may need to upload file pairs to the online submission form. The third link has a short explanation of what this means.

  • Confused 1

Share this post


Link to post
Share on other sites

I know this forum etiquette. I read all the above 3 links before posting, surprisingly all links lead me to same descryption tool that I already tried as I mentioned in my first post.

Uploading pairs also took me to the same decryptor.

I am unable to open the downloaded decryptor now, may be my windows issue. But I have the same v1.0.0.1 downloaded earlier that was working and not effective for my .stone files.

 

Share this post


Link to post
Share on other sites

Pairs or submission form, All links taking me to the same default descrytor (decrypt_STOPDjvu v 1.0.01), which is not working on .stone as of now.  

 

Share this post


Link to post
Share on other sites
22 hours ago, Nivas said:

... which is not working on .stone as of now. 

It works for older variants when the files have an online ID only if you upload file pairs.

Do you really not see the submission form at the above link? It looks like the following screenshot:

image.png
Download Image

Share this post


Link to post
Share on other sites

Since my first thread I say the same thing...No matter which link I try, it took to the same decryption tool. Even submission pair also taking to the same decryption tool that I already has and tried. 1.0.0.1 the same one always.

 

Share this post


Link to post
Share on other sites
14 hours ago, Nivas said:

Since my first thread I say the same thing...No matter which link I try, it took to the same decryption tool. Even submission pair also taking to the same decryption tool that I already has and tried. 1.0.0.1 the same one always.

You're saying "decryption tool", not "webpage". I'm not asking if the tool is the same. I already know it is, and that because there's only one tool that will work.

Now, the important thing is, do you see the submission form at the following link?
https://decrypter.emsisoft.com/submit/stopdjvu/

If the answer is "yes", then you can use it to upload file pairs. This is necessary for the decrypter to work, since you have an online ID.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.