Din 1 Posted August 13, 2019 Report Share Posted August 13, 2019 Hi guys please help, my dad has some virus called nasoh, can you please help him? He need to recover his files And now the STOPDecrypter gave me this [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: bAf4dxBY0O0XDUS3KRttk3nIvtSDVSY4Tn1MHAiC [*] MACs: F4:39:09:84:34:4F, 76:40:BB:E8:F8:9F, 00:FF:2F:58:3B:E4, 74:40:BB:E8:F8:9F, 74:40:BB:E8:F8:A0 This info has also been logged to STOPDecrypter-log.txt Quote Link to post Share on other sites
Amigo-A 136 Posted August 13, 2019 Report Share Posted August 13, 2019 Hello @Din Attach a ransom note _readme.txt to your message Quote Link to post Share on other sites
Din 1 Posted August 13, 2019 Author Report Share Posted August 13, 2019 Here is... _readme.txt Quote Link to post Share on other sites
GT500 861 Posted August 14, 2019 Report Share Posted August 14, 2019 @Din could you also attach the log from STOPDecrypter to a reply so that we can take a look at it? Quote Link to post Share on other sites
Din 1 Posted August 14, 2019 Author Report Share Posted August 14, 2019 here is STOPDecrypter-log.txt Quote Link to post Share on other sites
eloby 0 Posted August 14, 2019 Report Share Posted August 14, 2019 hello! I have the same ransomware D: if you could find a solution please contact me or post it here, I'm really worried because all my work's files are encrypted Quote Link to post Share on other sites
Amigo-A 136 Posted August 14, 2019 Report Share Posted August 14, 2019 Hello @eloby This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:https://kb.gt500.org/stopdecrypter Quote Link to post Share on other sites
Amigo-A 136 Posted August 14, 2019 Report Share Posted August 14, 2019 Hello @Din OK Your information will be archived by STOP Decrypter's developer. He often views topics here. This does not mean that today he will write a messages to everyone. There are a lot of victims of STOP Ransomware. Now it is the most active and successful ransomware-program for extortionists. You can tell him about your case. Enough to do this only once. Understand that there are many victims, but he alone makes and updates the freeware STOP Decrypter. Quote Link to post Share on other sites
eloby 0 Posted August 14, 2019 Report Share Posted August 14, 2019 3 hours ago, Amigo-A said: Hello @eloby This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message:https://kb.gt500.org/stopdecrypter hello! here is attached the txt file thas was in my desk and this is what i got at the beggining of the scan from STOPDecrypter: [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD [*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt this is what i get when it finnished running: [!] No keys were found for the following IDs: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.nasoh ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.avi ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.docx ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.bmp ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.ico ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.zip ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.dyn ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.xnb ) [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD (.jpg ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt Is there any way to recover the rest of my files? none of the files in the user folders were decrypted and those are the ones that i need _readme.txt Quote Link to post Share on other sites
GT500 861 Posted August 14, 2019 Report Share Posted August 14, 2019 19 hours ago, Din said: here is STOPDecrypter-log.txt 358 B · 1 download I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Link to post Share on other sites
GT500 861 Posted August 14, 2019 Report Share Posted August 14, 2019 1 hour ago, eloby said: [+] Loaded 77 offline keys Please archive the following info in case of future decryption: [*] ID: PHRzz9x0iPAZnI8fXpdMhvToLNW14D23xFpat8cD [*] ID: X06Jr2pjnJf3kDUQyjrNBMKMQtPWQD63foZ1vutT [*] MACs: 00:1C:C4:8B:B5:30 This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Link to post Share on other sites
Din 1 Posted August 15, 2019 Author Report Share Posted August 15, 2019 2 hours ago, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Thank you emi, i will wait. Quote Link to post Share on other sites
eloby 0 Posted August 16, 2019 Report Share Posted August 16, 2019 On 8/14/2019 at 6:53 PM, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. thank you!! Quote Link to post Share on other sites
Din 1 Posted August 19, 2019 Author Report Share Posted August 19, 2019 please help me guys, my dad need his data soon. Quote Link to post Share on other sites
GT500 861 Posted August 20, 2019 Report Share Posted August 20, 2019 22 hours ago, Din said: please help me guys, my dad need his data soon. Soon may not be possible (some people have been waiting for 6-7 months). If you need immediate file recovery, then you may want to consider contacting Coveware, as they can help you by contacting the criminal behind the ransomware and negotiate a lower price for you. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.