ethem, posted November 19, 2019:

Help. All my files are encrypted. I got the .kodg virus. I got a t1 ID, but the decryptor couldn't decrypt my files.

ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Your personal ID: Ny57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1

GT500, posted November 20, 2019:

6 hours ago, ethem said:
> Your personal ID: Ny57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1

This is a newer variant of STOP/Djvu, and your ID is an offline ID, so once we're able to find the offline key for this variant and add it to our database you should be able to use our decrypter to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

ethem, posted November 20, 2019:

So what should I do now? Wait for you to add .kodg to your database, or should I go to the police department?

ethem, posted November 20, 2019:

Also, approximately how many days does it take to decrypt a ransomware?

Amigo-A, posted November 20, 2019:

9 hours ago, ethem said:
> Wait for you to add .kodg to your database or should i go to police department

A trip to the police would be useful in the event of a single extortion, which did not hit tens of thousands of users around the world. But this is the global crypto-ransomware STOP-Djvu, and the local police will not be able to help here.

Wait and regularly (1 time per week) check Emsisoft decryptor support for your variants. We can't say when developers can get the decryption key. This operation cannot be predicted in advance.

GT500, posted November 21, 2019:

21 hours ago, ethem said:
> So what should i do now? Wait for you to add .kodg to your database or should i go to police department

For now I recommend making a backup of your files and waiting until we can get our hands on the offline key for this variant of STOP/Djvu (you can try the decrypter again every week or two to see if we've been able to add it).

As for reporting this crime, feel free to do so. The more reports law enforcement receives, the more reason they have to track down the criminals behind the ransomware. There's more information about reporting ransomware incidents at the following link: https://www.nomoreransom.org/en/report-a-crime.html

Salil, posted November 21, 2019:

Hi,

My brother's laptop is also infected by this ransomware. I saw a few .kodg files and the text file named "_readme". I saw a few files were not infected, but I just shut down the laptop immediately.

Questions:

1) The personal ID in "_readme.txt" doesn't have t1 at the end. Is there any chance to get a decryptor for the .kodg variant of STOP/Djvu with an online ID?

2) What do you recommend doing with a laptop which has active ransomware and also has data which is not yet encrypted and which I want to save? The laptop is currently off and I am afraid of starting it. Is there any way I can remove this ransomware without losing any more data? (e.g. running in command prompt mode or safe mode and doing something to remove the ransomware, or connecting the hard drive to a Mac and copying data, etc.)

Please help. Thank you

Amigo-A, posted November 21, 2019:

Hello @Salil

To transfer data, it is best to connect the disk as a secondary to another PC or to a new disk with a new system and a comprehensive antivirus that will monitor the files when they are transferred.

GT500, posted November 22, 2019:

9 hours ago, Salil said:
> Is there any change to get a decryptor for .kodg variant of STOP/Djvu with online ID?

Only if law enforcement catches the criminals and releases their database of private keys.

ethem, posted November 23, 2019:

Now that my ID is offline, is there a chance that my key would turn into an online key if I connect to the internet or something else? @GT500 @Amigo-A

raden, posted November 23, 2019:

How about me, can you help me?

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Your personal ID: 0185Asd374y5wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF

I also tried the decryptor but was unable to do it:

Starting...
File: C:\9YIN\《九阴真经》马来客户端安装程序v0.0.1.148_20170331\data1.cab.kodg
Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF
File: C:\9YIN\《九阴真经》马来客户端安装程序v0.0.1.148_20170331\data1.hdr.kodg
Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF
File: C:\9YIN\《九阴真经》马来客户端安装程序v0.0.1.148_20170331\data10.cab.kodg

GT500, posted November 24, 2019:

16 hours ago, ethem said:
> Now that my id is offline is there a chance that my key would turn into online key if I connect to internet or something else? @GT500 @Amigo-A

If your files were originally encrypted with an offline key, then it is physically impossible for the key for your files to change without first decrypting them and then encrypting them again.

16 hours ago, raden said:
> Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Salil, posted November 24, 2019:

On 11/22/2019 at 2:05 AM, Amigo-A said:
> Hello @Salil
> To transfer data, it is best to connect the disk as a secondary to another PC or to a new disk with a new system and a comprehensive antivirus that will monitor the files when they are transferred.

Thank you for the help. I was able to save and secure most of my data. I connected the disk as a secondary to a Mac machine and it worked well. But approximately 30% of the data got encrypted. Hope law enforcement catches the criminals soon.

DEEMS, posted November 24, 2019:

I'm from Kerala, same situation: all 1 TB of wedding images of 16 weddings ("works still not yet finished") encrypted as .kodg. I will suicide if I'm not able to get those files. Otherwise, they'll break my shop and kill me.

Amigo-A, posted November 24, 2019:

Hello @DEEMS

No need to be so upset. You need to wait for the support of the .kodg variant to be added to the Emsisoft Decryptor.

GT500, posted November 25, 2019:

17 hours ago, DEEMS said:
> Im from Kerala , same situation all 1 tb Wedding images of 16 wedding ( "works still not yet finished" ) encrypted as .kodg. I' will suicide if i didn't able to get those files. Otherwise, They'll break my shop and kill me.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

If recovery of your data is absolutely imperative, then Coveware may be able to negotiate a lower cost for the ransom payment for you.

ethem, posted November 27, 2019:

@GT500 sir, I've seen some people get an "unable to decrypt file with ID:.." error, then I decided to try the decryptor and it says "unable to connect to remote server". Is it normal?

GT500, posted November 28, 2019:

12 hours ago, ethem said:
> I've seen some people gets ''unable to decrypt file with ID:..'' ERROR

That error happens when there is no decryption key found in our database for a file's ID. Most of the time it simply means they have an online ID, however with a number of newer variants we still don't have the decryption keys for offline IDs and thus the error can be seen in those cases as well.

12 hours ago, ethem said:
> I decided to try the decryptor and it says ''unable to connect to remote server''. Is it normal?

That's a fairly abnormal error message, and could happen due to a number of issues. Something could be blocking the decrypter from connecting to our servers, something could be preventing DNS resolution for the address of the database the decrypter connects to, or there could just be general Internet stability issues causing problems with connecting to our servers.

Are you able to visit the following link in a web browser on the affected computer? https://decrypter.emsisoft.com/

ethem, posted November 28, 2019:

It seemed Windows Defender was blocking the decrypter. I disabled it and tried again aaand decrypted all my files. Thank you sir so so much. @GT500

almaje, posted November 28, 2019:

24 minutes ago, ethem said:
> it seemed the windows defender was blocking decrypter. I disabled it and tried again aaand decrypted all my files. Thank you sir so so much. @GT500

Hi, what is your public key?

ethem, posted November 28, 2019:

3 minutes ago, almaje said:
> Hi, What is your public key ?

0185Asd374y5PudfHNy57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1

daoken, posted November 29, 2019:

My computer is infected with .kodg.

_readme:

ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What happens you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $ 980.
Discount 50% available if you contact us first 72 hours, that's price for you is $ 490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Your personal ID: 0185Asd374y5DOfyuHIoRbJpglL0ddhduETw96qcAYEVSqm7ktXu

- Then I sent them from [email protected], an HSKT Anh Tuan file 23-10.dwg.kodg, asked them to open the test, then I paid, and they sent me an open file for completion. safe.
- I used the decoder: decrypt_STOPDjvu but Error: Unable to decrypt file with ID: DOfyuHIoRbJpglL0ddhduETw96qcAYEVSqm7ktXu
- So I uploaded the file to see everyone, please help me. thank you

File virus: HSKT Anh Tuan file 23-10.dwg.kodg
https://www.fshare.vn/file/I5WVGD8OGX29?token=1574999201

File them successfully unlocked the test for me: HSKT Anh Tuan file 23-10.dwg
https://www.fshare.vn/file/5WVDYH9HFEHW?token=1574999219

GT500, posted November 29, 2019:

17 hours ago, ethem said:
> it seemed the windows defender was blocking decrypter. I disabled it and tried again aaand decrypted all my files. Thank you sir so so much. @GT500

Did Windows Defender allow you to report the issue to Microsoft?

16 hours ago, almaje said:
> What is your public key ?

Public keys don't matter. They're useless for anything other than encrypting data.

GT500, posted November 29, 2019:

3 hours ago, daoken said:
> Your personal ID: 0185Asd374y5DOfyuHIoRbJpglL0ddhduETw96qcAYEVSqm7ktXu

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

daoken, posted November 29, 2019:

1 hour ago, GT500 said:
> This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

So I have to delete all the files on my computer?

GT500, posted November 30, 2019:

20 hours ago, daoken said:
> So I have to delete all the files on my computer?

No, I recommend you make a backup of all encrypted files in case it's possible to decrypt them some day.

cherry, posted December 2, 2019:

Does anyone know if this virus belongs to offline or online ID?

File: C:\$Recycle.Bin\S-1-5-21-3734935062-4241792449-1257728597-1001\$R2E0GK8.meka
Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI
File: C:\$Recycle.Bin\S-1-5-21-3734935062-4241792449-1257728597-1001\$RBGR1AK.meka
Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

GT500, posted December 3, 2019:

On 12/1/2019 at 10:46 PM, cherry said:
> Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

That's an online ID.

Rinku Singh, posted December 3, 2019:

Unable to decrypt with id uyjZj1kmz1r87C4S3IZvenHHgE9aNGI95IeN2hN3

GT500, posted December 4, 2019:

22 hours ago, Rinku Singh said:
> Unable to decrypt with id uyjZj1kmz1r87C4S3IZvenHHgE9aNGI95IeN2hN3

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

HandsomRansom, posted December 10, 2019:

Hi,

Another victim here if anyone can help?

Error: Unable to decrypt file with ID: TOXDInfMdDlMYmPGiw4B39ak3cpMhphR7vlVR74z

Thanks.

GT500, posted December 11, 2019:

18 hours ago, HandsomRansom said:
> Error: Unable to decrypt file with ID: TOXDInfMdDlMYmPGiw4B39ak3cpMhphR7vlVR74z

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

E.H, posted January 20, 2020:

I couldn't find a decryption for the files infected by .kodg. The text file of virus shows the following key:

Your personal ID: 0185Asd374y5qZpP5BXsRMENhKHwdYJLDHeSIrmHia52jEOBSAaG

Anybody has a solution?

_readme.txt

Kevin Zoll, posted January 20, 2020:

Hello @E.H,

Welcome to the Emsisoft Support Forums.

The ID you supplied is an online ID, meaning that the files cannot be decrypted. An online ID means that your encryption key was generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files.

There is more information available at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
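
Added example, not part of any post above and not Emsisoft's code: the check the staff make by eye in this thread can be scripted by pulling the personal ID out of `_readme.txt` and the per-file IDs out of the decrypter's output, then labelling each one offline or online by the trailing `t1` the posters refer to. The function names are illustrative, and the sample note and log are constructed (the two IDs are ones posted in this thread, the file paths are made up, and they are combined only to exercise both branches).

```python
import re

# Layouts copied from the ransom note and decrypter output quoted in this thread.
NOTE_ID = re.compile(r"Your personal ID:\s*([A-Za-z0-9]+)")
LOG_FILE = re.compile(r"^File:\s*(.+)$")
LOG_ID = re.compile(r"Unable to decrypt file with ID:\s*([A-Za-z0-9]+)")

def classify(victim_id):
    """Offline IDs end in 't1' (the marker the posters refer to); anything else is online."""
    return "offline" if victim_id.endswith("t1") else "online"

def parse_decrypter_log(log_text):
    """Pair each 'File:' line with the ID on the 'Error:' line that follows it."""
    pairs, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LOG_FILE.match(line)
        if m:
            current = m.group(1)
            continue
        m = LOG_ID.search(line)
        if m and current is not None:
            pairs.append((current, m.group(1)))
            current = None
    return pairs

def triage(note_text, log_text):
    """Summarise every ID seen: its type, how many files carry it, whether the note lists it."""
    note_ids = NOTE_ID.findall(note_text)
    report = {}
    for nid in note_ids:
        report[nid] = {"type": classify(nid), "files": 0, "in_note": True}
    for _path, fid in parse_decrypter_log(log_text):
        # In this thread the note ID is a fixed prefix followed by the per-file ID,
        # so match on the suffix rather than on equality.
        owner = next((n for n in note_ids if n.endswith(fid)), None)
        key = owner or fid
        entry = report.setdefault(key, {"type": classify(key), "files": 0, "in_note": False})
        entry["files"] += 1
    return report

# Constructed sample input: the IDs are ones posted in this thread, the paths are made up.
SAMPLE_NOTE = "ATTENTION!\nYour personal ID:\n0185Asd374y5PudfHNy57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1\n"
SAMPLE_LOG = r"""Starting...
File: C:\Users\user\Pictures\a.jpg.kodg
Error: Unable to decrypt file with ID: PudfHNy57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1
File: C:\Users\user\Documents\b.docx.kodg
Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF
File: C:\Users\user\Documents\c.xlsx.kodg
"""

if __name__ == "__main__":
    for vid, info in triage(SAMPLE_NOTE, SAMPLE_LOG).items():
        print(f"{vid}: {info['type']}, {info['files']} file(s), in note: {info['in_note']}")
```

A trailing `File:` line with no matching `Error:` line, as in the truncated log posted above, is skipped rather than counted.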