.MEKA decryptor

[m.fedawi 0]

Can I ask for the tool that ransomware makers sends once the victim pays?

as the video they sent attached I've noticed that the tool  file that they send only needs the key to resolve all files infected files.

I attached the read me note file,  I also have some files in both before and after encryption does it help? 

 

as my understanding i found that the id is somehow related to the key, i think they have made it in same programming algorithm so they have to be encrypting all files with same key per user , is that true?

_readme.txt

[GT500 593]

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[m.fedawi 0]

Thank you GT500 ,  I appreciate your kind reply and hope you guys find a solution for it soon,

so anybody have a  copy of  the ransomware makers fix tool?

[GT500 593]

18 hours ago, m.fedawi said:

so anybody have a  copy of  the ransomware makers fix tool?

We do occasionally get a copy of them. I can assure you that they won't be of any help. The ransomware's command and control servers will generate random public and private keys for each computer that gets infected by STOP/Djvu. Public keys are sent to the ransomware running on the infected computers to be used in encryption, and the private keys (which are required for decryption) are stored in a database on the server and never sent to the infected computers.

When someone pays the ransom, they only send the private key for the ID assigned to that victim's computer by the ransomware. This means that the decryption tool sent by the criminals to victims who have paid the ransom is only capable of decrypting files for a single computer.