Ahmed Emara 0 Report post Posted June 28 Hi guys, please can anyone help me finding decrypter for encrypted files with .radman extention and a way to remove all of those readme.txt Physical Address Ethernet : 18-03-73-8E-AA-BD Wi-fi : CC-AF-78-A7-EC-E9 Bluetooth Netwo: CC-AF-78-A7-EC-EA Ethernet 2 : 00-FF-8E-B7-D1-55 readme.txt is attached readme.txt Quote Share this post Link to post Share on other sites
Amigo-A 40 Report post Posted June 28 1 hour ago, Ahmed Emara said: a way to remove all of those readme.txt It is not recommended to delete readme.txt files. Currently impossible to decrypt the files, because an online-key was used for encryption . Only some cases can be decrypted, where the offline key was used and was found a original malicious file that has performed encryption. Perhaps in the future it will be possible to decrypt files, but this is only hope, not a fact. --- More about the encryptor: This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt a small group of files, only make copies of them before this. Otherwise files may be damaged. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
Amigo-A 40 Report post Posted June 28 @Ahmed Emara You need mac-address of a network (wired) card or wi-fi, through which you were connected to the Internet at the time of the attack of the STOP ransomware. Quote Share this post Link to post Share on other sites
GT500 589 Report post Posted June 29 8 hours ago, Amigo-A said: You need only one mac-address of a network (wired) card or wi-fi, through which you were connected to the Internet at the time of the attack of the STOP ransomware. Only one. Unfortunately STOP/Djvu seems to pick a random adapter, so we actually do need all of the MAC addresses for all of the network adapters. Quote Share this post Link to post Share on other sites
Amigo-A 40 Report post Posted June 29 7 hours ago, GT500 said: Unfortunately STOP/Djvu seems to pick a random adapter, Ok. So be it. The main thing that it could help. Quote Share this post Link to post Share on other sites
GT500 589 Report post Posted October 19 We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
