Recommended Posts

hello....i've been hacked...all my music...videos..images ...datas etc etc....cant open nothing....i got this txt message ''

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sTWdbjk1AY
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID: 0157HydtUdjsFFs41l1v6XmBvm2RGhLQF7YWIWc5k1gQgHkVjy8kXF0

i run STOPdecrypter but got [-] No key for ID: 41l1v6XmBvm2RGhLQF7YWIWc5k1gQgHkVjy8kXF0 (.hese )

any help pls?

 

Share this post


Link to post
Share on other sites

That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
https://id-ransomware.malwarehunterteam.com/

 

Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

At first glance the logs don't appear to show any signs of an active infection. As long as you remember to change your passwords you should be OK.

The next step is to make a backup of encrypted files and wait until a decrypter is available. Note that there's currently no ETA on a new decrypter for STOP/Djvu, so I can't speculate on how long that might take.

Share this post


Link to post
Share on other sites

I was informed that Drweb can decrypt some files that STOP cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents .doc, xls, docx, xlsx, ppt, pps, etc … 
Unfortunatly with this way can't will decrypt photo, video, audio and many files with other extensions.
If free test decrypt these files will successful, the fees requested by Dr.Web experts 150 EUR for Rescue Pack (Personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test-decrypt will fails, no payment will be required. 

Tell me, if this way suits you, I will let you know what files you need to collect for this. 

I do not participate in this process and do not provide any help except this information. I not having any financial benefit and is not involved in this decryption service at all.

Share this post


Link to post
Share on other sites

Yes. New Decryptor and Decryption service released. 

Try this NEW tool,  if the files are encrypted with an offline key, then there is a chance to decrypt some files.

https://www.emsisoft.com/ransomware-decryption-tools/free-download 
 https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Files encrypted with online keys (when the PC was connected to the Internet) will not be decrypted. 

Share this post


Link to post
Share on other sites
On 10/27/2019 at 1:09 PM, dionisisFrank said:

GT500 any news yet?

Note that the decrypter Amigo-A mentioned will more than likely only work for you if your ID ends in t1 which means it's an offline ID.

Share this post


Link to post
Share on other sites
16 hours ago, dionisisFrank said:

yes it's not working for me....

That probably means you had an online ID, which means your files were encrypted with a randomly generated key. In these instances, decryption with our tool will not be possible unless law enforcement is able to catch the criminal behind this ransomware and share their database of private keys.

Share this post


Link to post
Share on other sites
20 hours ago, dionisisFrank said:

so there's no other way to get my files back?

Not until law enforcement catches the criminals and takes possession of their database of private keys.

Share this post


Link to post
Share on other sites
On 11/17/2019 at 6:44 PM, dionisisFrank said:

my ID ends in t1....0157HydtUdjsFFsCkRzIzWzRp3U1ooEeUkKN4owpKdqn4SHRoxPMtt1

so that means that it's offline?

Yes, that's an offline ID, however .hese is a newer variant and if we don't have the private key for the offline ID then decryption won't be possible until we can get it.

I'll ask and see if someone knows if we have it.

Share this post


Link to post
Share on other sites

I've confirmed we do have the key for the offline ID from .hese, however keep in mind that some or most of your files may have been encrypted using an online key and ID. Does the decrypter show any errors when you run it?

Share this post


Link to post
Share on other sites
9 hours ago, dionisisFrank said:

error: Unable to decrypt file with ID: 41I1v6XmBvm2RGhLQF7YWIWc5k1gQgHkVjy8kXF0

The ID listed here is an online ID, so any files with this ID won't be decryptable.

Share this post


Link to post
Share on other sites
17 hours ago, dionisisFrank said:

how is Drweb thing working?

As far as I know they can't decrypt newer variants of STOP/Djvu when the files have online ID's, however @Amigo-A may know more.

Share this post


Link to post
Share on other sites

To create a decryption request in DrWeb and provide encrypted files and a ransom note file is easy for everyone to do. 

http://legal.drweb.com/encoder/?lng=en
http://legal.drweb.ru/encoder/?lng=ru

For request of test-decryption, you do not need to make an advance payment. It's free. 

I am very busy with work, therefore I will not do it in your place. 😃

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.