Recommended Posts

Hi guys, 
please can anyone help me finding decrypter for encrypted files with .radman extention and a way to remove all of those readme.txt 

 

Physical Address

Ethernet     : 18-03-73-8E-AA-BD
Wi-fi          : CC-AF-78-A7-EC-E9
Bluetooth Netwo: CC-AF-78-A7-EC-EA
Ethernet 2 : 00-FF-8E-B7-D1-55


readme.txt is attached 

readme.txt

Share this post


Link to post
Share on other sites
1 hour ago, Ahmed Emara said:

a way to remove all of those readme.txt 

It is not recommended to delete readme.txt files.

Currently impossible to decrypt the files, because an online-key was used for encryption  .
Only some cases can be decrypted, where the offline key was used and was found a original malicious file that has performed encryption.
Perhaps in the future it will be possible to decrypt files, but this is only hope, not a fact.

---

More about the encryptor:

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. 
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. 

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible.

Download STOP Decrypter >>>

First try to decrypt a small group of files, only  make copies of them before this. Otherwise files may be damaged.

If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter 

Share this post


Link to post
Share on other sites

@Ahmed Emara

 You need mac-address of a network (wired) card or wi-fi, through which you were connected to the Internet at the time of the attack of the STOP ransomware. 

 

Share this post


Link to post
Share on other sites
8 hours ago, Amigo-A said:

You need only one mac-address of a network (wired) card or wi-fi, through which you were connected to the Internet at the time of the attack of the STOP ransomware. Only one. 

Unfortunately STOP/Djvu seems to pick a random adapter, so we actually do need all of the MAC addresses for all of the network adapters.

Share this post


Link to post
Share on other sites
7 hours ago, GT500 said:

Unfortunately STOP/Djvu seems to pick a random adapter,

Ok. So be it. The main thing that it could help.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.