Nestor

NELASOD Error: Unable to decrypt file with ID

Recommended Posts

Hello sir, please some help

 

Unable to decrypt Old Variant ID: yXnGC4abzj1RA4UtIt3dwZvONKEXUXKy9Tq7dnGF
First 5 bytes: 0000002066

 

Share this post


Link to post
Share on other sites

Hello @babisk,

 

Welcome to the Emsisoft Support Forums.

 

The ID you provided is an online ID and as such files that were encrypted with an online ID cannot be decrypted using third-party decryption tools.

Share this post


Link to post
Share on other sites
18 hours ago, Josh254 said:

Unable to decrypt Old Variant ID: m8eTZXfIcnmiTRR4xYFNlsm0Rp0Gedmxk4F6ERDb
First 5 bytes: 255044462D

That's a newer variant, not and older variant. We're looking in to why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

 

18 hours ago, Vicky said:

@Amigo-A  Hey team, Can you help me restore my data,infacted by rasomware kodc ext and unable to find t1 in any id.

There's nothing we can do for online ID's. They require private keys for decryption, and only the criminals have access to those.

Share this post


Link to post
Share on other sites
15 hours ago, babisk said:

Unable to decrypt Old Variant ID: yXnGC4abzj1RA4UtIt3dwZvONKEXUXKy9Tq7dnGF
First 5 bytes: 0000002066

That's a newer variant, not and older variant. We're looking in to why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

Share this post


Link to post
Share on other sites

Hi, i get this message when run Emsisoft Decryptor:

Unable to decrypt Old Variant ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

This is an offline key i think, so dont know why this message shows up.

 

Thanks for your time

 

Share this post


Link to post
Share on other sites

Hey there, my first post on here. Needs help urgently as my PC just got infected with topi. Got this message: 

Unable to decrypt Old Variant ID: VY7KfCqzxM89UnShbdxrV3mJmuCHbl99KE9VIhrW
First 5 bytes: 524946468E

If this can't be helped, what do I do? Wait for new tools to appear or just delete the files?

Thank you. 

Share this post


Link to post
Share on other sites
On 1/25/2020 at 1:31 PM, SonOfArcade said:

Unable to decrypt Old Variant ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

This is an offline key i think, so dont know why this message shows up.

There are some variants where we don't have keys for offline ID's. If the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

18 hours ago, marv said:

Unable to decrypt Old Variant ID: VY7KfCqzxM89UnShbdxrV3mJmuCHbl99KE9VIhrW
First 5 bytes: 524946468E

That's an online ID, however if the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

There are some variants where we don't have keys for offline ID's. If the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

That's an online ID, however if the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

The variant is .reha

 

thanks and best regards

Share this post


Link to post
Share on other sites
16 hours ago, SonOfArcade said:

The variant is .reha

I would believe that variant is still less than a week old. I recommend running the decrypter once every week or two to see if we've been able to add the private key for .reha offline ID's.

Share this post


Link to post
Share on other sites
On 1/28/2020 at 6:07 PM, GT500 said:

There are some variants where we don't have keys for offline ID's. If the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

That's an online ID, however if the variant is .nelasod then you should be able to upload file pairs to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Hi GT, thank you.

My variant is topi, not nelasod, if that's what you meant.

Do advise.

Share this post


Link to post
Share on other sites
2 hours ago, marv said:

My variant is topi

That variant is newer as well and not supported by our decryption tool.

 

10 hours ago, GT500 said:

I recommend running the decrypter once every week or two to see if we've been able to add the private key for .reha offline ID's.

This advice applies to .topi and well.

Share this post


Link to post
Share on other sites
16 hours ago, marv said:

My variant is topi, not nelasod, if that's what you meant.

.topi is new enough that we probably don't have the private key for its offline ID yet. As Kevin mentioned, if you have an offline ID then we recommend running the decrypter every week or two to see when we add the private key.

Share this post


Link to post
Share on other sites
6 hours ago, GT500 said:

.topi is new enough that we probably don't have the private key for its offline ID yet. As Kevin mentioned, if you have an offline ID then we recommend running the decrypter every week or two to see when we add the private key.

Thanks GT and Kevin. I don't have an offline ID, not sure how to get them either. 

So I just have to run the decrypter every week or so?

Thank you, I will do that. hope you guys add the private key soon. 

Share this post


Link to post
Share on other sites
19 hours ago, marv said:

I don't have an offline ID, not sure how to get them either.

Offline ID's and public keys are used by the ransomware when it starts encrypting your files in cases where it was unable to connect to its command and control servers and ask for a unique ID and RSA keys to be generated for your files.

If you have an online ID then your ID and the public key used to encrypt your files was randomly generated by the server operated by the criminals, and the only way to decrypt your files is with the private key that is in the possession of the criminals (we don't have access to those).

 

5 hours ago, BlueArmy said:

hi i am getting this message while decrypting any solution ????

Unable to decrypt Old Variant ID: idPndoHrg7yVICKqZ2aB46JiaF4V4WJa1UBeGfx5

What version of the decrypter do you have? Version 1.0.0.3 had a bug that caused it to always say "Old Variant", and this was fixed in version 1.0.0.4.

Also, what was added to the end of all your file names? .nelasod? If so, you just need to upload file pairs via our online submission form. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

My files encrypted with .reha extension. And my ID number ends with t1. 

How can I decrypt my files. Current decrypt tool not work here.     

Share this post


Link to post
Share on other sites

@Able if our decryption tool is unable to determine the decryption key for your files, then it is not possible to decrypt the files.

Share this post


Link to post
Share on other sites
15 hours ago, Able said:

My files encrypted with .reha extension. And my ID number ends with t1. 

How can I decrypt my files. Current decrypt tool not work here.     

Can you run the decrypter, and then copy and paste the output here for us to see?

Some of your files may have different ID's than the one you're seeing in the ransom note. The offline ID for .reha is as follows:

7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

 

Share this post


Link to post
Share on other sites

i got same condition too for .reha

No key for New Variant online ID: U1gBjDyWmGLZiVEGleSv4p808vdvY5hv2Dh1xNIL
Notice: this ID appears to be an online ID, decryption is impossible

Share this post


Link to post
Share on other sites
7 hours ago, lim said:

i got same condition too for .reha

No key for New Variant online ID: U1gBjDyWmGLZiVEGleSv4p808vdvY5hv2Dh1xNIL
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
On 12/16/2019 at 7:52 PM, Amigo-A said:

This is new variant of STOP Ransomware

The signs "t1" at the end of the ID can indicate that in the future the files can be decrypted if the developers receive a decryption key. Today, this is the newest variant, and no one has yet announced that they bought the key from extortionists to pass it to the developers, so that they complement its in decryptor.

Just to thank you and all good people in Emsisoft,I have finally decrypt all of my nbes. files with STOP DJVU. Patient paid off. I had to admit that decryption was going very quickly. Thank you and keep up with good work! 

  • Like 1

Share this post


Link to post
Share on other sites
12 hours ago, kasapin said:

I have finally decrypt all of my nbes.

Awesome. We're always glad to hear that. 👍

Share this post


Link to post
Share on other sites
4 hours ago, Agha said:

What about .npsk file? any chance i can decrypt this?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Hi there,

Unable to decrypt Old Variant ID: tE0W7Df03yq63IY7B389WdzxCyNfK4QQantb5V27  I cannot decrypt the files which were encrypted months back with BOPADOR as extension. Will uploading file pair work?

Sudhir

Share this post


Link to post
Share on other sites
19 hours ago, sudhirathekkattil said:

Will uploading file pair work?

Yes, that should work for all older variants.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.