Ferdinand Rexhaj

My files are encrypted with .coot

Recommended Posts

Best way to get most of your files back is Shadow Explorer , you can get it here https://www.shadowexplorer.com/downloads.html

If it does not show any drives, go to start - run - enter services.msc and press enter

Look for Microsoft Software Shadow Copy Provider, Virtual Disk and  Volume Shadow Copy,  and set all 3  to automatic and run Shadow Explorer again

I am restoring my files at the moment with Shadow Exploere and it works.

Share this post


Link to post
Share on other sites

All my files are encrypted with  .adame

No shadow files available all gone I did post in another thread asking for advice can anyone help thank you.

I have backed up all files offline just incase there is a fix soon for Phobos/ Adame

Share this post


Link to post
Share on other sites

Now the situation is different with the new STOP Ransomware variants:
.gero, .hese , .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec,

Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files.

To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. 

Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world.

Share this post


Link to post
Share on other sites
On 11/3/2019 at 10:21 AM, CompuWizzy said:

Best way to get most of your files back is Shadow Explorer , you can get it here https://www.shadowexplorer.com/downloads.html

That doesn't work with most ransomware, since they delete the shadow copies.

 

10 hours ago, Ferdinand Rexhaj said:

Never 😢?

If I pay ? 

This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. however, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

As for paying the ransom, while it is not recommended, I would believe that these particular criminals do deliver a working decrypter if you pay. You can also go through a third-party (such as Coveware) if you'd prefer someone negotiate a lower price for you, however note that such services are often intended for businesses and are often still expensive.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.