abdallah ahmed

derp virus problem


My PC was infected by the derp virus.

the id on _readme.txt is 0176Asd374y5iuhldGIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ

and on personalid.txt is GIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ
KzZDbsL5uUAqMCZQH1bfMhtyqpeo4e4SiPderpt1

So is it offline or online or both? And can I decrypt some files?


Unless you happen to find ransom notes that have offline ID's in them, then your files more than likely all have online ID's. The easiest way to tell is just to run the decrypter and see if it can decrypt any of your files, although in the case of .derp we may not have the offline key for it yet, but at least the ID's will appear in the decrypter's output.


The form of encryption used in newer variants isn't susceptible to the use of file pairs. Normally, with the type of encryption it uses, it's secure enough that there's no way to decrypt files without the private key. The only alternative is waiting tens of thousands of years for a supercomputer to brute force the key.


My PC was infected by the derp virus.

The personal ID in _readme.txt is 0176Asd374y5iuhldTH3qgRaDDLBvQeNNvDNd7xgtvrKTJPW4CP2Ny1Hj

The hash code the virus wrote to the registry is KqLP7Cmpx34=

So is it offline or online or both? And can I decrypt some files?

The ransomware note is:


ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-IbdGyCKhdr
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0176Asd374y5iuhldTH3qgRaDDLBvQeNNvDNd7xgtvrKTJPW4CP2Ny1Hj

19 hours ago, saeidazizi said:

Your personal ID:
0176Asd374y5iuhldTH3qgRaDDLBvQeNNvDNd7xgtvrKTJPW4CP2Ny1Hj

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

On 12/1/2019 at 5:24 AM, saeidazizi said:

The hash code the virus wrote to the registry is: KqLP7Cmpx34=

That's not a decryption key.


derp and merosa decryption tool 

This video file was sent to me by a virus maker, and if you look at it, decrypting data doesn't need to be connected to the internet. It's true that the key type of the virus generated is online, but the decoder works offline and this He sent the video file to the servant himself as a blackmailer

I want your company to write me this decoder for files no matter how much it costs

Please tell me the cost of writing the program to decrypt the derp files and the time it took to write the program.
It doesn't matter to me I just want my information and files.
I want to pay you the same amount of money I'm going to pay for the virus, just get my data back. 100% back.
And I'll send you this video file as a link to see.
Please answer me as soon as possible

https://youtu.be/ehljScmlOGI

2 hours ago, saeidazizi said:

This video file was sent to me by a virus maker, and if you look at it, decrypting data doesn't need to be connected to the internet. It's true that the key type of the virus generated is online, but the decoder works offline and this He sent the video file to the servant himself as a blackmailer

Our decrypter does need to be connected to the Internet to work.

Please note that this has nothing to do with whether or not an ID is "online" or "offline". ID's are generated when the ransomware infects a computer and starts encrypting files. Nothing can change that, and this has nothing to do with whether or not there is an Internet connection when decrypting files.


When you pay, the criminal gives you a decryptor and your personal key. So yes, they don't require internet access because they give you a key you have to input into the program.

We call them "online" and "offline" keys based on how they are used with the malware. The FAQ clearly states this, but I will re-summarize it for you...

Online Key: The malware talked to their server at the time you were infected, and their server generated a key unique to you. Only the criminals have your key.

Offline Key: The malware failed to talk to their server, and resorted to an "offline" key that is embedded in the binary. Everyone who has a file encrypted and has the corresponding ID (also embedded in the malware) will have the same key for those files.

The NEW variants (aka yours) all use RSA encryption, so these keys are not breakable. Due to different circumstances, many times some files are encrypted with the Online key, and others with the Offline key; the malware constantly reaches out to its command server, so if even one of those times fails, then that "run" of the malware encrypts with the Offline key. We sometimes are able to acquire the Offline keys after one victim has paid, and it can help others recover some files, but the Online keys remain unique and do not help anyone else.

Our decryptor requires internet access because we store all the keys and keystreams we acquire on our server. This allows us to manage it without having to push a decryptor update every time we get a new key, and for ease of the user in not having to input anything additional to the program.

 

Please READ THE FAQ, this is all explained in there. Only the criminals have the Online keys; they are impossible to break. If you really want to "name a price" and throw money at the problem, feel free to invest in the quantum computing industry; we're still decades away from even attempting to use quantum computers for breaking RSA-2048.


I have an encrypted txt file which contains

21361Œ:كpحٹ8â ¤¸½bك‍_ؤt.N†ظأA–µLو9Œگ0ِذ#َ6^س َ#µٌآ|؟9ڑ^يءاôM„ٹ؟£J$”_7|ذ]¨µ;:لٌأrکBK*g2‚dيب…/­هS‎حP\AH‹#2ک:د!آ<®±Jزوڑ½?Z¥ژoL[lD>/¬/„Kfàك³Œ³ًغ‏°غتئLŒ:/çN.“0¾:Uh.ٌv/"•sdR r*ذqb›ج'½-ûˆë”ي¦›pأ½ù,1/µMر}W[¦w‰-زک;*p‰•?3‌؟jµ¯¬ج_جأم à†mف™T…<>ڈcGIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

but the original file contains

213610

so did the virus replaced 0 with Œ:كpحٹ8â ¤¸½bك‍_ؤt.N†ظأA–µLو9Œگ0ِذ#َ6^س َ#µٌآ|؟9ڑ^يءاôM„ٹ؟£J$”_7|ذ]¨µ;:لٌأrکBK*g2‚dيب…/­هS‎حP\AH‹#2ک:د!آ<®±Jزوڑ½?Z¥ژoL[lD>/¬/„Kfàك³Œ³ًغ‏°غتئLŒ:/çN.“0¾:Uh.ٌv/"•sdR r*ذqb›ج'½-ûˆë”ي¦›pأ½ù,1/µMر}W[¦w‰-زک;*p‰•?3‌؟jµ¯¬ج_جأم à†mف™T…<>ڈcGIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}


@abdallah ahmed STOP/Djvu is a little weird. In this case, I think those first 5 numbers may have been the first 5 bytes of the file, so it didn't encrypt them. It also appends data to the end of the file, which is why the encrypted data is so long.
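
The file layout described in the last two posts, together with the online/offline distinction explained earlier in the thread, as an added example that is not part of any post and is not Emsisoft's code: it reads the unencrypted 5-byte head and the 40-character ID stored just before the `{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}` marker, then labels each file. The trailer layout is inferred from the sample pasted above; the rule that offline IDs end in `t1` is an assumption taken from public STOP/Djvu documentation, not from this thread; the file names and filler bytes are constructed.

```python
import re

# Marker seen at the very end of the encrypted file pasted in this thread.
MARKER = b"{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}"
ID_LEN = 40      # length of the IDs quoted in the thread (readme prefix excluded)
PLAIN_HEAD = 5   # per the staff reply, the first 5 bytes appear to stay unencrypted
ID_RE = re.compile(rb"[A-Za-z0-9]{40}")


def parse_encrypted(data: bytes):
    """Return (plaintext_head, file_id) if data ends in ID + MARKER, else None."""
    if not data.endswith(MARKER):
        return None
    id_bytes = data[-len(MARKER) - ID_LEN:-len(MARKER)]
    if not ID_RE.fullmatch(id_bytes):
        return None  # too short, or the bytes before the marker are not an ID
    return data[:PLAIN_HEAD], id_bytes.decode("ascii")


def id_kind(file_id: str) -> str:
    # Assumption (not stated on this page): offline IDs end in "t1".
    return "offline" if file_id.endswith("t1") else "online"


def triage(files: dict) -> dict:
    """Map each file name to 'online', 'offline' or 'not-encrypted'."""
    report = {}
    for name, data in files.items():
        parsed = parse_encrypted(data)
        report[name] = id_kind(parsed[1]) if parsed else "not-encrypted"
    return report


# Constructed sample files: filler stands in for ciphertext; the two IDs and
# the marker are the ones quoted in the thread.
FILLER = bytes(range(128, 200))
SAMPLES = {
    "a.txt.derp": b"21361" + FILLER
    + b"GIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ" + MARKER,
    "b.txt.derp": b"hello" + FILLER
    + b"KzZDbsL5uUAqMCZQH1bfMhtyqpeo4e4SiPderpt1" + MARKER,
    "c.txt": b"213610",  # untouched original
}

if __name__ == "__main__":
    for name, kind in triage(SAMPLES).items():
        print(f"{name}: {kind}")
```

Grouping files by the ID found in their trailer shows which ones could become recoverable if the offline key for the variant is ever obtained, and which are tied to the per-victim online key.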
