
derp virus problem



Unless you happen to find ransom notes that have offline ID's in them, then your files more than likely all have online ID's. The easiest way to tell is just to run the decrypter and see if it can decrypt any of your files, although in the case of .derp we may not have the offline key for it yet, but at least the ID's will appear in the decrypter's output.


The form of encryption used in newer variants isn't susceptible to the use of file pairs. Normally, with the type of encryption it uses, it's secure enough that there's no way to decrypt files without the private key. The only alternative is waiting tens of thousands of years for a supercomputer to brute force the key.


  • 2 weeks later...

My PC was infected by the derp virus.

The personal ID in _readme.txt is 0176Asd374y5iuhldTH3qgRaDDLBvQeNNvDNd7xgtvrKTJPW4CP2Ny1Hj

The hash code the virus wrote to the registry is KqLP7Cmpx34=

So is it offline or online or both? And can I decrypt some files?

The ransomware note is:

 

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-IbdGyCKhdr
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0176Asd374y5iuhldTH3qgRaDDLBvQeNNvDNd7xgtvrKTJPW4CP2Ny1Hj


19 hours ago, saeidazizi said:

Your personal ID:
0176Asd374y5iuhldTH3qgRaDDLBvQeNNvDNd7xgtvrKTJPW4CP2Ny1Hj

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  • 1 month later...

derp and merosa decryption tool 

This video file was sent to me by a virus maker, and if you look at it, decrypting data doesn't need to be connected to the internet. It's true that the key type of the virus generated is online, but the decoder works offline and this He sent the video file to the servant himself as a blackmailer

I want your company to write me this decoder for files no matter how much it costs

Please tell me the cost of writing the program to decrypt the derp files and the time it took to write the program.
It doesn't matter to me; I just want my information and files.
I want to pay you the same amount of money I'm going to pay for the virus, just get my data back. 100% back.
And I'll send you this video file as a link to see.
Please answer me as soon as possible

https://youtu.be/ehljScmlOGI


2 hours ago, saeidazizi said:

This video file was sent to me by a virus maker, and if you look at it, decrypting data doesn't need to be connected to the internet. It's true that the key type of the virus generated is online, but the decoder works offline and this He sent the video file to the servant himself as a blackmailer

Our decrypter does need to be connected to the Internet to work.

Please note that this has nothing to do with whether or not an ID is "online" or "offline". ID's are generated when the ransomware infects a computer and starts encrypting files. Nothing can change that, and this has nothing to do with whether or not there is an Internet connection when decrypting files.


When you pay, the criminal gives you a decryptor and your personal key. So yes, they don't require internet access because they give you a key you have to input into the program.

We call them "online" and "offline" keys based on how they are used with the malware. The FAQ clearly states this, but I will re-summarize it for you...

Online Key: The malware talked to their server at the time you were infected, and their server generated a key unique to you. Only the criminals have your key.

Offline Key: The malware failed to talk to their server, and resorted to an "offline" key that is embedded in the binary. Everyone who has a file encrypted and has the corresponding ID (also embedded in the malware) will have the same key for those files.

The NEW variants (aka yours) all use RSA encryption, so these keys are not breakable. Due to different circumstances, many times some files are encrypted with the Online key, and others with the Offline key; the malware constantly reaches out to its command server, so if even one of those times fails, then that "run" of the malware encrypts with the Offline key. We sometimes are able to acquire the Offline keys after one victim has paid, and it can help others recover some files, but the Online keys remain unique and do not help anyone else.

Our decryptor requires internet access because we store all the keys and keystreams we acquire on our server. This allows us to manage it without having to push a decryptor update every time we get a new key, and for ease of the user in not having to input anything additional to the program.

 

Please READ THE FAQ, this is all explained in there. Only the criminals have the Online keys; they are impossible to break. If you really want to "name a price" and throw money at the problem, feel free to invest in the quantum computing industry; we're still decades away from even attempting to use quantum computers for breaking RSA-2048.


  • 4 weeks later...

I have an encrypted txt file which contains

21361Œ:كpحٹ8â ¤¸½bك‍_ؤt.N†ظأA–µLو9Œگ0ِذ#َ6^س َ#µٌآ|؟9ڑ^يءاôM„ٹ؟£J$”_7|ذ]¨µ;:لٌأrکBK*g2‚dيب…/­هS‎حP\AH‹#2ک:د!آ<®±Jزوڑ½?Z¥ژoL[lD>/¬/„Kfàك³Œ³ًغ‏°غتئLŒ:/çN.“0¾:Uh.ٌv/"•sdR r*ذqb›ج'½-ûˆë”ي¦›pأ½ù,1/µMر}W[¦w‰-زک;*p‰•?3‌؟jµ¯¬ج_جأم à†mف™T…<>ڈcGIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

but the original file contains

213610

so did the virus replaced 0 with Œ:كpحٹ8â ¤¸½bك‍_ؤt.N†ظأA–µLو9Œگ0ِذ#َ6^س َ#µٌآ|؟9ڑ^يءاôM„ٹ؟£J$”_7|ذ]¨µ;:لٌأrکBK*g2‚dيب…/­هS‎حP\AH‹#2ک:د!آ<®±Jزوڑ½?Z¥ژoL[lD>/¬/„Kfàك³Œ³ًغ‏°غتئLŒ:/çN.“0¾:Uh.ٌv/"•sdR r*ذqb›ج'½-ûˆë”ي¦›pأ½ù,1/µMر}W[¦w‰-زک;*p‰•?3‌؟jµ¯¬ج_جأم à†mف™T…<>ڈcGIgYYpdpFOd8zWMHfi9ziGIE9Lh0LJttGTeACwqQ{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
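
Added example, not part of any post in this thread and not Emsisoft's decrypter: since the thread explains that some files can be encrypted under one ID and others under another, this sketch sorts files by whether the ID-like run at the end of each file matches the ID in `_readme.txt`. It assumes the trailer layout visible in the sample above (an alphanumeric run followed by a brace-delimited GUID at the end of the file) and that the note's ID ends with the same characters; all sample IDs, the GUID and the `min_match` threshold are constructed for illustration.

```python
import re

# Trailer layout inferred from the sample in the post above (an assumption,
# not a documented format): <alphanumeric ID run>{GUID} at the end of the file.
TRAILER = re.compile(
    rb"([A-Za-z0-9]+)\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\Z")

def trailer_id(data):
    """Return the ID-like run that precedes the closing {GUID}, or None."""
    m = TRAILER.search(data[-256:])
    return m.group(1).decode("ascii") if m else None

def common_suffix_len(a, b):
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n

def triage(files, note_id, min_match=20):
    """Sort files by whether their trailer ID matches the ID in _readme.txt.

    Suffix comparison is used because the note's ID may carry a prefix and a
    ciphertext byte that happens to be alphanumeric can extend the run.
    min_match is an arbitrary threshold chosen for this example.
    """
    report = {"note_id": [], "other_id": {}, "no_trailer": []}
    for name, data in sorted(files.items()):
        run = trailer_id(data)
        if run is None:
            report["no_trailer"].append(name)
        elif common_suffix_len(run, note_id) >= min_match:
            report["note_id"].append(name)
        else:
            report["other_id"].setdefault(run, []).append(name)
    return report

# Constructed sample data: none of these IDs or GUIDs are real.
ID_A, ID_B = "A1b2C3d4E5" * 4, "Z9y8X7w6V0" * 4
GUID = b"{00000000-1111-2222-3333-444444444444}"
NOTE_ID = "0000PREFIX" + ID_A
SAMPLE = {
    "a.txt.derp": b"21361\x8c\x3a\xff" + ID_A.encode() + GUID,
    "b.jpg.derp": b"\xff\xd8\xff\xe0\x00\x01k" + ID_A.encode() + GUID,  # stray 'k'
    "c.doc.derp": b"\xd0\xcf\x11\xe0\xa1\x02" + ID_B.encode() + GUID,
    "notes.txt": b"plain file, never encrypted\n",
}
REPORT = triage(SAMPLE, NOTE_ID)

if __name__ == "__main__":
    print(REPORT)
```

Files listed under `other_id` carry an ID different from the note's; the grouping does not say whether any ID is online or offline, which the decrypter's output reports.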
