Din 1 Report post Posted Tuesday at 01:37 PM Hi guys please help, my dad has some virus called nasoh, can you please help him? He need to recover his files And now the STOPDecrypter gave me this [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: bAf4dxBY0O0XDUS3KRttk3nIvtSDVSY4Tn1MHAiC [*] MACs: F4:39:09:84:34:4F, 76:40:BB:E8:F8:9F, 00:FF:2F:58:3B:E4, 74:40:BB:E8:F8:9F, 74:40:BB:E8:F8:A0 This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
Amigo-A 24 Report post Posted Tuesday at 04:34 PM Hello @Din Attach a ransom note _readme.txt to your message Quote Share this post Link to post Share on other sites
Din 1 Report post Posted Tuesday at 04:54 PM Here is... _readme.txt Quote Share this post Link to post Share on other sites
GT500 572 Report post Posted Wednesday at 01:12 AM @Din could you also attach the log from STOPDecrypter to a reply so that we can take a look at it? Quote Share this post Link to post Share on other sites
Din 1 Report post Posted Wednesday at 02:51 AM here is STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
eloby 0 Report post Posted Wednesday at 12:48 PM hello! I have the same ransomware D: if you could find a solution please contact me or post it here, I'm really worried because all my work's files are encrypted Quote Share this post Link to post Share on other sites
Amigo-A 24 Report post Posted Wednesday at 05:41 PM Hello @eloby This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
Amigo-A 24 Report post Posted Wednesday at 05:42 PM Hello @Din OK Your information will be archived by STOP Decrypter's developer. He often views topics here. This does not mean that today he will write a messages to everyone. There are a lot of victims of STOP Ransomware. Now it is the most active and successful ransomware-program for extortionists. You can tell him about your case. Enough to do this only once. Understand that there are many victims, but he alone makes and updates the freeware STOP Decrypter. Quote Share this post Link to post Share on other sites
eloby 0 Report post Posted Wednesday at 09:26 PM 3 hours ago, Amigo-A said: Hello @eloby This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:https://kb.gt500.org/stopdecrypter hello! here is attached the txt file thas was in my desk and this is what i got at the beggining of the scan from STOPDecrypter: [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD [*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt this is what i get when it finnished running: [!] No keys were found for the following IDs: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.nasoh ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.avi ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.docx ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.bmp ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.ico ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.zip ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.dyn ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.xnb ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.jpg ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt Is there any way to recover the rest of my files? none of the files in the user folders were decrypted and those are the ones that i need _readme.txt Quote Share this post Link to post Share on other sites
GT500 572 Report post Posted Wednesday at 10:50 PM 19 hours ago, Din said: here is STOPDecrypter-log.txt 358 B · 1 download I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
GT500 572 Report post Posted Wednesday at 10:53 PM 1 hour ago, eloby said: [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD [*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
Din 1 Report post Posted Thursday at 12:52 AM 2 hours ago, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Thank you emi, i will wait. Quote Share this post Link to post Share on other sites
eloby 0 Report post Posted Friday at 01:11 PM On 8/14/2019 at 6:53 PM, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. thank you!! Quote Share this post Link to post Share on other sites
