Jump to content

.nasoh file encrypted, Please help

Din

By Din,
in Help, my files are encrypted!

 Share Followers 1

Recommended Posts

Din

Din 1

Posted
Posted

Hi guys please help, my dad has some virus called nasoh, can you please help him? He need to recover his files

And now the STOPDecrypter gave me this

[+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: bAf4dxBY0O0XDUS3KRttk3nIvtSDVSY4Tn1MHAiC
[*] MACs: F4:39:09:84:34:4F, 76:40:BB:E8:F8:9F, 00:FF:2F:58:3B:E4, 74:40:BB:E8:F8:9F, 74:40:BB:E8:F8:A0
This info has also been logged to STOPDecrypter-log.txt

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

Hello @eloby

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. 
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. 

You need to attach a ransom note _readme.txt  to the message, or farther act by himself.

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. 

You can try to decrypt files with STOPDecrypter.

Download STOP Decrypter now >>>

I recommend to you start decrypt with a small group of files, but first you need to make copies of these files.

If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:
https://kb.gt500.org/stopdecrypter 

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

Hello @Din

 

OK

Your information will be archived by STOP Decrypter's developer. He often views topics here. This does not mean that today he will write a messages to everyone.

There are a lot of victims of STOP Ransomware. Now it is the most active and successful ransomware-program for extortionists.

You can tell him about your case. Enough to do this only once. Understand that there are many victims, but he alone makes and updates the freeware STOP Decrypter.

Link to post
Share on other sites
eloby

eloby 0

Posted
Posted
3 hours ago, Amigo-A said:

Hello @eloby

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. 
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. 

You need to attach a ransom note _readme.txt  to the message, or farther act by himself.

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. 

You can try to decrypt files with STOPDecrypter.

Download STOP Decrypter now >>>

I recommend to you start decrypt with a small group of files, but first you need to make copies of these files.

If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:
https://kb.gt500.org/stopdecrypter 

hello! here is attached the txt file thas was in my desk

and this is what i got at the beggining of the scan from STOPDecrypter:

[+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD
[*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT
[*] MACs: 00:1C:C4:8B:B5:30
This info has also been logged to STOPDecrypter-log.txt

 

this is what i get when it finnished running:


[!] No keys were found for the following IDs:
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.nasoh )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.avi )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.docx )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.bmp )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.ico )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.zip )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.dyn )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.xnb )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.jpg )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:1C:C4:8B:B5:30
This info has also been logged to STOPDecrypter-log.txt

 

Is there any way to recover the rest of my files? none of the files in the user folders were decrypted and those are the ones that i need 

_readme.txt

Link to post
Share on other sites
GT500

GT500 861

Posted
Posted
19 hours ago, Din said:

here is

STOPDecrypter-log.txt 358 B · 1 download

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Link to post
Share on other sites
GT500

GT500 861

Posted
Posted
1 hour ago, eloby said:

[+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD
[*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT
[*] MACs: 00:1C:C4:8B:B5:30
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Link to post
Share on other sites
Din

Din 1

Posted
  • Author
Posted
2 hours ago, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Thank you emi, i will wait. 

Link to post
Share on other sites
eloby

eloby 0

Posted
Posted
On 8/14/2019 at 6:53 PM, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

thank you!!

Link to post
Share on other sites
GT500

GT500 861

Posted
Posted
22 hours ago, Din said:

please help me guys, my dad need his data soon. 

Soon may not be possible (some people have been waiting for 6-7 months). If you need immediate file recovery, then you may want to consider contacting Coveware, as they can help you by contacting the criminal behind the ransomware and negotiate a lower price for you.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 01/28/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...