All data on my laptop was encrypted to .bora extensions.

I used this tool (decrypt_STOPDjvu)

but it gives me errors:

Error: Access to the path 'C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\935DD3FB-0000-0000-0000-D05D00000000-0.bin' is denied.
Error: Access to the path 'C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\935DD3FB-0000-0000-0000-D05D00000000-0.bin' is denied.
Error: Access to the path 'C:\Windows\Resources\Themes\aero\VSCache\Aero.msstyles_1033_96_01.mss' is denied.
Error: Access to the path 'C:\Windows.old\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\935DD3FB-0000-0000-0000-D05D00000000-0.bin' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DF350EC811476EE491.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DF53913CC2D77E73FA.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DF5CE333D15D1BEB72.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DF73B880FB524B0F9A.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DF79D741C2D55A03D5.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFB1A01C390C6FF799.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFB3D4F346E55D52AC.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFBD44D393973DBDDA.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFBEA1BFAE02B9882F.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFCA239E246B2CEF20.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFE1C7D5448E7A123D.TMP' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DFF40E893C415A4C03.TMP' is denied.

 

File: D:\ahmed\10425509_1502393846699528_1659239647983959428_n.jpg.bora
Error: Unable to decrypt file with ID: Vkr7279vOGv2jeP0cMHDxTq1ER7oTUEMJKMY1Nsc

File: D:\ahmed\10641162_1512450995693813_9099162332124776350_n.jpg.bora
Error: Unable to decrypt file with ID: Vkr7279vOGv2jeP0cMHDxTq1ER7oTUEMJKMY1Nsc

File: D:\ahmed\10665813_859766830781203_7553460234722017445_n.jpg.bora
Error: Unable to decrypt file with ID: Vkr7279vOGv2jeP0cMHDxTq1ER7oTUEMJKMY1Nsc

File: D:\ahmed\10922873_1594007124204866_8984946369988836022_n.jpg.bora
Error: Unable to decrypt file with ID: Vkr7279vOGv2jeP0cMHDxTq1ER7oTUEMJKMY1Nsc

…….

Please help me.

The first batch of errors simply means the decrypter wasn't allowed to access the files. Considering they aren't important files, they can be ignored.

As for the second batch of errors, which say "Error: Unable to decrypt file with ID...", those are due to your files having been encrypted by a newer variant of STOP/Djvu which uses a more secure form of encryption. Since your ID is an online ID instead of an offline ID, it will not be possible for the decrypter to decrypt your files.
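
A triage sketch for the decrypter output discussed above, added here as an example and not part of the original posts or of Emsisoft's tool: it separates the ignorable access-denied paths from the files that failed to decrypt and groups the latter by ID. The sample log is constructed (its first ID is the one quoted in the thread), and the rule that offline IDs end in `t1` is an assumption drawn from Emsisoft's public STOP/Djvu guidance, not from this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the decrypter output quoted in the thread.
# The first ID is the one from the thread; the second is made up for illustration.
SAMPLE_LOG = r"""
Error: Access to the path 'C:\Windows\Resources\Themes\aero\VSCache\Aero.msstyles_1033_96_01.mss' is denied.
Error: Access to the path 'C:\Windows.old\Users\satellite\AppData\Local\Temp\~DF350EC811476EE491.TMP' is denied.

File: D:\ahmed\photo_0001.jpg.bora
Error: Unable to decrypt file with ID: Vkr7279vOGv2jeP0cMHDxTq1ER7oTUEMJKMY1Nsc

File: D:\ahmed\photo_0002.jpg.bora
Error: Unable to decrypt file with ID: Vkr7279vOGv2jeP0cMHDxTq1ER7oTUEMJKMY1Nsc

File: D:\ahmed\notes.docx.bora
Error: Unable to decrypt file with ID: ConstructedSampleOfflineIdForDemoOnly00t1
"""

ACCESS_RE = re.compile(r"^Error: Access to the path '(.+)' is denied\.$")
FILE_RE = re.compile(r"^File: (.+)$")
ID_RE = re.compile(r"^Error: Unable to decrypt file with ID: (\S+)$")

def id_kind(victim_id):
    # Assumption (not stated in the thread): offline IDs end in "t1".
    return "offline" if victim_id.endswith("t1") else "online"

def triage(log_text):
    """Return (access-denied paths, {ID: [files that failed with that ID]})."""
    skipped, failed, current_file = [], defaultdict(list), None
    for line in map(str.strip, log_text.splitlines()):
        if m := ACCESS_RE.match(line):
            skipped.append(m.group(1))
        elif m := FILE_RE.match(line):
            current_file = m.group(1)      # remember which file the next error is about
        elif m := ID_RE.match(line):
            failed[m.group(1)].append(current_file or "<unknown file>")
            current_file = None
    return skipped, dict(failed)

def summarize(log_text):
    skipped, failed = triage(log_text)
    ids = {i: {"kind": id_kind(i), "files": len(f)} for i, f in failed.items()}
    return {"access_denied": len(skipped), "ids": ids}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['access_denied']} paths skipped (access denied)")
    for victim_id, info in report["ids"].items():
        print(f"{victim_id}: {info['kind']} ID, {info['files']} file(s) not decrypted")
```

A single online ID across every failed file matches the situation described in the reply above; files listed under an offline ID are the ones worth re-running through the decrypter later.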


I understand that it is not currently possible to decrypt ".bora" files as it is too recent. My files are also encrypted with the online variant.

I am waiting patiently in the hope of a decryption tool being released soon. Can you advise whether such a tool is being worked on, or am I waiting in vain? Should I just swallow my pride and pay the criminals?

Thanks for your advice and help.


Now the situation is different with the new STOP Ransomware variants:
.gero, .hese, .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec,

Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files.

To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. 

Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world.

23 hours ago, andy1966 said:

I am waiting patiently in the hope of a decryption tool being released soon.  Can you advise whether such a tool is being worked on, or am I waiting in vain?  Should I just swallow my pride and pay the criminals?

There is no new decryption tool being worked on. For offline IDs we can add the decryption keys to our database if we find them, however for online IDs there's nothing that can be done without access to the criminals' database of private keys.

 

13 hours ago, Vladut17 said:

How to solve The remote name could not be resolved? ((((((((

That's probably a DNS error. Can you visit the following link in your web browser?
https://decrypter.emsisoft.com/

17 hours ago, Vladut17 said:

Yes @GT500

OK, then make sure that any security software (Anti-Virus, firewall, etc) you have installed isn't blocking the decrypter's Internet access.

13 hours ago, Vladut17 said:

I don't have an antivirus, but I don't know about the firewall. How do I verify?

Let's try getting a log from FRST, and see if it shows any installed security software. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

13 hours ago, Vladut17 said:

Yes @GT500 Can you decrypt this file please?

File: C:\Users\GT500\Desktop\FIFA14-DIE.py.bora
Error: Unable to decrypt file with ID: kL5msMZjKKEario4wMBSiaOyOHwUoC5omWEHNDHr

That's an online ID. There's no way to decrypt it.

19 hours ago, Vladut17 said:

But offline? I hadn't this error offline @GT500

An online ID is one generated by the command and control servers for the STOP/Djvu ransomware when it infects your computer. If you have one, then it means that the command and control servers also generated a random set of keys, which were used to encrypt your files. This means recovery of your data is currently not possible.

There's more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

16 hours ago, Vladut17 said:

Will it be resolved? When? @GT500

I lost all :((

This will be resolved when law enforcement catches the criminals and releases their database of private keys for us to add to our decryption service.
