Din

.nasoh file encrypted, Please help

By Din, in Help, my files are encrypted!

Recommended Posts

Din    1

Din
Posted

Hi guys please help, my dad has some virus called nasoh, can you please help him? He need to recover his files

And now the STOPDecrypter gave me this

[+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: bAf4dxBY0O0XDUS3KRttk3nIvtSDVSY4Tn1MHAiC
[*] MACs: F4:39:09:84:34:4F, 76:40:BB:E8:F8:9F, 00:FF:2F:58:3B:E4, 74:40:BB:E8:F8:9F, 74:40:BB:E8:F8:A0
This info has also been logged to STOPDecrypter-log.txt

Share this post

Link to post
Share on other sites

eloby    0

eloby
Posted

hello! I have the same ransomware D: 

if you could find a solution please contact me or post it here, I'm really worried because all my work's files are encrypted 

Share this post

Link to post
Share on other sites

Amigo-A    61

Amigo-A
Posted

Hello @eloby

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. 
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. 

You need to attach a ransom note _readme.txt  to the message, or farther act by himself.

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. 

You can try to decrypt files with STOPDecrypter.

Download STOP Decrypter now >>>

I recommend to you start decrypt with a small group of files, but first you need to make copies of these files.

If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:
https://kb.gt500.org/stopdecrypter 

Share this post

Link to post
Share on other sites

Amigo-A    61

Amigo-A
Posted

Hello @Din

 

OK

Your information will be archived by STOP Decrypter's developer. He often views topics here. This does not mean that today he will write a messages to everyone.

There are a lot of victims of STOP Ransomware. Now it is the most active and successful ransomware-program for extortionists.

You can tell him about your case. Enough to do this only once. Understand that there are many victims, but he alone makes and updates the freeware STOP Decrypter.

Share this post

Link to post
Share on other sites

eloby    0

eloby
Posted
3 hours ago, Amigo-A said:

Hello @eloby

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. 
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. 

You need to attach a ransom note _readme.txt  to the message, or farther act by himself.

@Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. 

You can try to decrypt files with STOPDecrypter.

Download STOP Decrypter now >>>

I recommend to you start decrypt with a small group of files, but first you need to make copies of these files.

If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:
https://kb.gt500.org/stopdecrypter 

hello! here is attached the txt file thas was in my desk

and this is what i got at the beggining of the scan from STOPDecrypter:

[+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD
[*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT
[*] MACs: 00:1C:C4:8B:B5:30
This info has also been logged to STOPDecrypter-log.txt

 

this is what i get when it finnished running:


[!] No keys were found for the following IDs:
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.nasoh )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.avi )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.docx )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.bmp )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.ico )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.zip )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.dyn )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.xnb )
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.jpg )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:1C:C4:8B:B5:30
This info has also been logged to STOPDecrypter-log.txt

 

Is there any way to recover the rest of my files? none of the files in the user folders were decrypted and those are the ones that i need 

_readme.txt

Share this post

Link to post
Share on other sites

GT500    645

GT500
Posted
19 hours ago, Din said:

here is

STOPDecrypter-log.txt 358 B · 1 download

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Share this post

Link to post
Share on other sites

GT500    645

GT500
Posted
1 hour ago, eloby said:

[+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD
[*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT
[*] MACs: 00:1C:C4:8B:B5:30
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Share this post

Link to post
Share on other sites

Din    1

Din
Posted
2 hours ago, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Thank you emi, i will wait. 

Share this post

Link to post
Share on other sites

eloby    0

eloby
Posted
On 8/14/2019 at 6:53 PM, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

thank you!!

Share this post

Link to post
Share on other sites

GT500    645

GT500
Posted
22 hours ago, Din said:

please help me guys, my dad need his data soon. 

Soon may not be possible (some people have been waiting for 6-7 months). If you need immediate file recovery, then you may want to consider contacting Coveware, as they can help you by contacting the criminal behind the ransomware and negotiate a lower price for you.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.