Din 1 Report post Posted August 13 Hi guys please help, my dad has some virus called nasoh, can you please help him? He need to recover his files And now the STOPDecrypter gave me this [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: bAf4dxBY0O0XDUS3KRttk3nIvtSDVSY4Tn1MHAiC [*] MACs: F4:39:09:84:34:4F, 76:40:BB:E8:F8:9F, 00:FF:2F:58:3B:E4, 74:40:BB:E8:F8:9F, 74:40:BB:E8:F8:A0 This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
Amigo-A 35 Report post Posted August 13 Hello @Din Attach a ransom note _readme.txt to your message Quote Share this post Link to post Share on other sites
Din 1 Report post Posted August 13 Here is... _readme.txt Quote Share this post Link to post Share on other sites
GT500 574 Report post Posted August 14 @Din could you also attach the log from STOPDecrypter to a reply so that we can take a look at it? Quote Share this post Link to post Share on other sites
Din 1 Report post Posted August 14 here is STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
eloby 0 Report post Posted August 14 hello! I have the same ransomware D: if you could find a solution please contact me or post it here, I'm really worried because all my work's files are encrypted Quote Share this post Link to post Share on other sites
Amigo-A 35 Report post Posted August 14 Hello @eloby This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
Amigo-A 35 Report post Posted August 14 Hello @Din OK Your information will be archived by STOP Decrypter's developer. He often views topics here. This does not mean that today he will write a messages to everyone. There are a lot of victims of STOP Ransomware. Now it is the most active and successful ransomware-program for extortionists. You can tell him about your case. Enough to do this only once. Understand that there are many victims, but he alone makes and updates the freeware STOP Decrypter. Quote Share this post Link to post Share on other sites
eloby 0 Report post Posted August 14 3 hours ago, Amigo-A said: Hello @eloby This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:https://kb.gt500.org/stopdecrypter hello! here is attached the txt file thas was in my desk and this is what i got at the beggining of the scan from STOPDecrypter: [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD [*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt this is what i get when it finnished running: [!] No keys were found for the following IDs: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.nasoh ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.avi ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.docx ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.bmp ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.ico ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.zip ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.dyn ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.xnb ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.jpg ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt Is there any way to recover the rest of my files? none of the files in the user folders were decrypted and those are the ones that i need _readme.txt Quote Share this post Link to post Share on other sites
GT500 574 Report post Posted August 14 19 hours ago, Din said: here is STOPDecrypter-log.txt 358 B · 1 download I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
GT500 574 Report post Posted August 14 1 hour ago, eloby said: [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD [*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
Din 1 Report post Posted August 15 2 hours ago, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Thank you emi, i will wait. Quote Share this post Link to post Share on other sites
eloby 0 Report post Posted August 16 On 8/14/2019 at 6:53 PM, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. thank you!! Quote Share this post Link to post Share on other sites
Din 1 Report post Posted August 19 please help me guys, my dad need his data soon. Quote Share this post Link to post Share on other sites
GT500 574 Report post Posted August 20 22 hours ago, Din said: please help me guys, my dad need his data soon. Soon may not be possible (some people have been waiting for 6-7 months). If you need immediate file recovery, then you may want to consider contacting Coveware, as they can help you by contacting the criminal behind the ransomware and negotiate a lower price for you. Quote Share this post Link to post Share on other sites
