Recommended Posts

My data is encrypted with .etols ransomware. Please help me to remove this virus. Below is the text;

ATTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-xuSAEnnA8P
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
064bervcogCziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS

Share this post


Link to post
Share on other sites

That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
https://id-ransomware.malwarehunterteam.com/

While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites
6 hours ago, GT500 said:

That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
https://id-ransomware.malwarehunterteam.com/

While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

[!] No keys were found for the following IDs:
[*] ID: CziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS (.jpg )
[*] ID: CziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS (.etols )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:50:56:C0:00:08, 00:50:56:C0:00:01, C0:18:85:BF:76:5D, C2:18:85:BF:76:5D, C2:18:85:BF:7E:5D, D4:BE:D9:34:26:2F
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites

[!] No keys were found for the following IDs:
[*] ID: CziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS (.jpg )
[*] ID: CziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS (.etols )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:50:56:C0:00:08, 00:50:56:C0:00:01, C0:18:85:BF:76:5D, C2:18:85:BF:76:5D, C2:18:85:BF:7E:5D, D4:BE:D9:34:26:2F
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites
23 hours ago, Nasir80 said:

[!] No keys were found for the following IDs:
[*] ID: CziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS (.jpg )
[*] ID: CziW3x2XXxdxaXUVH6DrGNlqJTbjVxntLyeeGomS (.etols )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:50:56:C0:00:08, 00:50:56:C0:00:01, C0:18:85:BF:76:5D, C2:18:85:BF:76:5D, C2:18:85:BF:7E:5D, D4:BE:D9:34:26:2F
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Share this post


Link to post
Share on other sites
18 hours ago, Nasir80 said:

Yes

I'm rather suspicious about ABU.OMAR, and I recommend not replying to them.

Share this post


Link to post
Share on other sites
20 hours ago, Nasir80 said:

Any update Sir!

Work is still ongoing. No one's given up yet, even though it's taker longer than we'd like.

Share this post


Link to post
Share on other sites

Hello Bro my colleague files has been damaged with .nesa ransomware Below is the stop decryptor result  ;


[+] File: G:\4.0 Work Status\151026-Work Status of HVAC works (2)30 -10-15 A 3 format.xls.nesa
[-] No key for ID: yWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu (.nesa )

[+] File: G:\4.0 Work Status\151026-Work Status of HVAC works (2)30 -10-15.xls.nesa
[-] No key for ID: yWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu (.nesa )

[+] File: G:\4.0 Work Status\New folder\151008-Tower-B Fire, Plumbing Schedule of Completion.xlsx.nesa
[-] No key for ID: yWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu (.nesa )

[+] File: G:\4.0 Work Status\New folder\151008-Tower-B HVAC Work Schedule of Completion.xlsx.nesa
[-] No key for ID: yWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu (.nesa )

[+] File: G:\4.0 Work Status\New folder\151026-Work Status of HVAC works.xlsx.nesa
[-] No key for ID: yWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu (.nesa )

[+] File: G:\4.0 Work Status\New folder\151027-Work Status of Plumbing & Fire works.xlsx.nesa
[-] No key for ID: yWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu (.nesa )

Decrypted 0 files!
Skipped 6 files.

_readme.txt file contents

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-UV4s8jgncB
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0166hTlGeRsyWTLmslCyQ2AGgPHNxLuYWRI1d1QvowygckDtQpu

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.