babisk, posted January 24, 2020:

Hello sir, please some help

Unable to decrypt Old Variant ID: yXnGC4abzj1RA4UtIt3dwZvONKEXUXKy9Tq7dnGF First 5 bytes: 0000002066

ShadowPuterDude, posted January 24, 2020:

Hello @babisk,

Welcome to the Emsisoft Support Forums. The ID you provided is an online ID and as such files that were encrypted with an online ID cannot be decrypted using third-party decryption tools.

GT500, posted January 25, 2020:

> 18 hours ago, Josh254 said:
> Unable to decrypt Old Variant ID: m8eTZXfIcnmiTRR4xYFNlsm0Rp0Gedmxk4F6ERDb First 5 bytes: 255044462D

That's a newer variant, not an older variant. We're looking into why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

> 18 hours ago, Vicky said:
> @Amigo-A Hey team, Can you help me restore my data, infected by ransomware kodc ext and unable to find t1 in any id.

There's nothing we can do for online ID's. They require private keys for decryption, and only the criminals have access to those.

GT500, posted January 25, 2020:

> 15 hours ago, babisk said:
> Unable to decrypt Old Variant ID: yXnGC4abzj1RA4UtIt3dwZvONKEXUXKy9Tq7dnGF First 5 bytes: 0000002066

That's a newer variant, not an older variant. We're looking into why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

SonOfArcade, posted January 25, 2020:

Hi, I get this message when I run Emsisoft Decryptor:

Unable to decrypt Old Variant ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

This is an offline key I think, so don't know why this message shows up.

Thanks for your time

marv, posted January 27, 2020:

Hey there, my first post on here. Need help urgently as my PC just got infected with topi. Got this message:

Unable to decrypt Old Variant ID: VY7KfCqzxM89UnShbdxrV3mJmuCHbl99KE9VIhrW First 5 bytes: 524946468E

If this can't be helped, what do I do? Wait for new tools to appear or just delete the files? Thank you.

GT500, posted January 28, 2020:

> On 1/25/2020 at 1:31 PM, SonOfArcade said:
> Unable to decrypt Old Variant ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
> This is an offline key I think, so don't know why this message shows up.

There are some variants where we don't have keys for offline ID's. If the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

> 18 hours ago, marv said:
> Unable to decrypt Old Variant ID: VY7KfCqzxM89UnShbdxrV3mJmuCHbl99KE9VIhrW First 5 bytes: 524946468E

That's an online ID, however if the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

SonOfArcade, posted January 28, 2020:

> 4 hours ago, GT500 said:
> There are some variants where we don't have keys for offline ID's. If the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
> That's an online ID, however if the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

The variant is .reha

Thanks and best regards

GT500, posted January 29, 2020:

> 16 hours ago, SonOfArcade said:
> The variant is .reha

I would believe that variant is still less than a week old. I recommend running the decrypter once every week or two to see if we've been able to add the private key for .reha offline ID's.

marv, posted January 29, 2020:

> On 1/28/2020 at 6:07 PM, GT500 said:
> There are some variants where we don't have keys for offline ID's. If the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
> That's an online ID, however if the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Hi GT, thank you. My variant is topi, not nelasod, if that's what you meant. Do advise.

ShadowPuterDude, posted January 29, 2020:

> 2 hours ago, marv said:
> My variant is topi

That variant is newer as well and not supported by our decryption tool.

> 10 hours ago, GT500 said:
> I recommend running the decrypter once every week or two to see if we've been able to add the private key for .reha offline ID's.

This advice applies to .topi as well.

GT500, posted January 30, 2020:

> 16 hours ago, marv said:
> My variant is topi, not nelasod, if that's what you meant.

.topi is new enough that we probably don't have the private key for its offline ID yet. As Kevin mentioned, if you have an offline ID then we recommend running the decrypter every week or two to see when we add the private key.

marv, posted January 30, 2020:

> 6 hours ago, GT500 said:
> .topi is new enough that we probably don't have the private key for its offline ID yet. As Kevin mentioned, if you have an offline ID then we recommend running the decrypter every week or two to see when we add the private key.

Thanks GT and Kevin. I don't have an offline ID, not sure how to get them either. So I just have to run the decrypter every week or so? Thank you, I will do that. Hope you guys add the private key soon.

BlueArmy, posted January 31, 2020:

Hi, I am getting this message while decrypting. Any solution?

Unable to decrypt Old Variant ID: idPndoHrg7yVICKqZ2aB46JiaF4V4WJa1UBeGfx5

GT500, posted January 31, 2020:

> 19 hours ago, marv said:
> I don't have an offline ID, not sure how to get them either.

Offline ID's and public keys are used by the ransomware when it starts encrypting your files in cases where it was unable to connect to its command and control servers and ask for a unique ID and RSA keys to be generated for your files. If you have an online ID then your ID and the public key used to encrypt your files were randomly generated by the server operated by the criminals, and the only way to decrypt your files is with the private key that is in the possession of the criminals (we don't have access to those).

> 5 hours ago, BlueArmy said:
> Hi, I am getting this message while decrypting. Any solution?
> Unable to decrypt Old Variant ID: idPndoHrg7yVICKqZ2aB46JiaF4V4WJa1UBeGfx5

What version of the decrypter do you have? Version 1.0.0.3 had a bug that caused it to always say "Old Variant", and this was fixed in version 1.0.0.4.

Also, what was added to the end of all your file names? .nelasod? If so, you just need to upload file pairs via our online submission form. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Able, posted February 4, 2020:

My files are encrypted with the .reha extension. And my ID number ends with t1. How can I decrypt my files? The current decrypt tool does not work here.

ShadowPuterDude, posted February 4, 2020:

@Able, if our decryption tool is unable to determine the decryption key for your files, then it is not possible to decrypt the files.

GT500, posted February 5, 2020:

> 15 hours ago, Able said:
> My files are encrypted with the .reha extension. And my ID number ends with t1. How can I decrypt my files? The current decrypt tool does not work here.

Can you run the decrypter, and then copy and paste the output here for us to see? Some of your files may have different ID's than the one you're seeing in the ransom note. The offline ID for .reha is as follows:

7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

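An added example, not part of any post in this thread and not Emsisoft's code: a small triage script that pulls every distinct ID out of pasted decrypter output and sorts them with the "ends with t1" check posters here use to spot offline IDs. The sample output is constructed from messages and IDs quoted in the thread; the 40-character ID pattern and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: message wording and IDs copied from posts in this
# thread, arranged as pasted decrypter output. Not real tool output.
SAMPLE_OUTPUT = """\
Unable to decrypt Old Variant ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
No key for New Variant online ID: U1gBjDyWmGLZiVEGleSv4p808vdvY5hv2Dh1xNIL
Notice: this ID appears to be an online ID, decryption is impossible
Unable to decrypt Old Variant ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
"""

# IDs quoted in the thread are 40 letters/digits (assumed to hold generally).
ID_RE = re.compile(r"\bID:\s*([A-Za-z0-9]{40})\b")

# Advice paraphrased from the staff replies in the thread.
ADVICE = {
    "offline": "keep the files; rerun the decrypter every week or two",
    "online": "no third-party decryption; key is held by the operators",
}


def classify_id(victim_id):
    """Heuristic from the thread: an ID ending in 't1' is an offline ID."""
    return "offline" if victim_id.endswith("t1") else "online"


def triage(output):
    """Map each distinct ID in the pasted output to kind, count and advice.

    The 'Old Variant' / 'New Variant' wording is ignored on purpose:
    decrypter 1.0.0.3 printed 'Old Variant' regardless of the variant.
    """
    counts = Counter(ID_RE.findall(output))
    return {
        vid: {"kind": classify_id(vid), "messages": n,
              "advice": ADVICE[classify_id(vid)]}
        for vid, n in counts.items()
    }


if __name__ == "__main__":
    for vid, info in triage(SAMPLE_OUTPUT).items():
        print(f"{vid}  {info['kind']:7}  x{info['messages']}  {info['advice']}")
```

The suffix check is only a heuristic: a randomly generated online ID can also end in "t1", so an "offline" result means the files are worth keeping and retrying, not that a key exists.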
lim, posted February 12, 2020:

I got the same condition too for .reha

No key for New Variant online ID: U1gBjDyWmGLZiVEGleSv4p808vdvY5hv2Dh1xNIL Notice: this ID appears to be an online ID, decryption is impossible

GT500, posted February 12, 2020:

> 7 hours ago, lim said:
> I got the same condition too for .reha
> No key for New Variant online ID: U1gBjDyWmGLZiVEGleSv4p808vdvY5hv2Dh1xNIL Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

kasapin, posted February 23, 2020:

> On 12/16/2019 at 7:52 PM, Amigo-A said:
> This is a new variant of STOP Ransomware.
> The signs "t1" at the end of the ID can indicate that in the future the files can be decrypted if the developers receive a decryption key. Today, this is the newest variant, and no one has yet announced that they bought the key from extortionists to pass it to the developers, so that they complement it in the decryptor.

Just to thank you and all the good people at Emsisoft, I have finally decrypted all of my nbes. files with STOP DJVU. Patience paid off. I have to admit that decryption went very quickly. Thank you and keep up the good work!

GT500, posted February 24, 2020:

> 12 hours ago, kasapin said:
> I have finally decrypted all of my nbes.

Awesome. We're always glad to hear that. 👍

Agha, posted March 22, 2020:

What about .npsk file? Any chance I can decrypt this?

GT500, posted March 22, 2020:

> 4 hours ago, Agha said:
> What about .npsk file? Any chance I can decrypt this?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

sudhirathekkattil, posted April 21, 2020:

Hi there,

Unable to decrypt Old Variant ID: tE0W7Df03yq63IY7B389WdzxCyNfK4QQantb5V27

I cannot decrypt the files which were encrypted months back with BOPADOR as extension. Will uploading file pair work?

Sudhir

GT500, posted April 22, 2020:

> 19 hours ago, sudhirathekkattil said:
> Will uploading file pair work?

Yes, that should work for all older variants.

medo, posted December 21, 2020:

Hi people, please if you can help with:

ID: qedLk3fXKgNRqGSVeiEUvW5nvefXMtgDRf2xuEPO

medo, posted December 21, 2020:

Help with decryption

20170713_193451.jpg.fordan

GT500, posted December 22, 2020:

> 9 hours ago, medo said:
> Hi people, please if you can help with:
> ID: qedLk3fXKgNRqGSVeiEUvW5nvefXMtgDRf2xuEPO

You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/