Recommended Posts

help. all my files are encrypted. :( i got .kodg virus. I got a t1 id but decryptor couldnt decrypt my files.

 

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
Ny57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1

Share this post


Link to post
Share on other sites
6 hours ago, ethem said:

Your personal ID:
Ny57KnZX7JgM3qZqXmBFG8oBnAXljw1XTt1

This is a newer variant of STOP/Djvu, and your ID is an offline ID, so once we're able to find the offline key for this variant and add it to our database you should be able to use our decrypter to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
9 hours ago, ethem said:

Wait for you to add .kodg to your database or should i go to police department

A trip to the police would be useful in the event of a single extortion, which did not hit tens of thousands of users around the world.

But this globally crypto-ransomware STOP-Djvu Ransomware and the local police will not be able to help here. 
Wait and regularly (1 time per week) check Emsisoft decryptor support for your variants. 
We can’t say when developers can get the decryption key. This operation cannot be predicted in advance.

Share this post


Link to post
Share on other sites
21 hours ago, ethem said:

So what should i do now? Wait for you to add .kodg to your database or should i go to police department

For now I recommend making a backup of your files and waiting until we can get our hands on the offline key for this variant of STOP/Djvu (you can try the decrypter again every week or two to see if we've been able to add it).

As for reporting this crime, feel free to do so. The more reports law enforcement receives, the more reason they have to track down the criminals behind the ransomware. There's more information about reporting ransomware incidents at the following link:
https://www.nomoreransom.org/en/report-a-crime.html

Share this post


Link to post
Share on other sites

Hi,

My brother's laptop is also infected by this ransomware. I saw few .kodg files and the text file name "_readme". I saw few files were not infected but I just shutdown the laptop immediately.

Questions :

1) Person ID in "_readme.txt" don't have t1 at the end. Is there any change to get a decryptor for .kodg variant of STOP/Djvu with online ID? 

2) What do you recommend to do with laptop which has active ransomware and it also have data which is not yet encrypted and I want to save that data. Laptop is currently off and I am afraid of starting it. Is there any way I can remove this ransomware without loosing any more data? (eg running with command prompt mode or safe mode and doing something to remove ransomware or connecting hard drive to Mac and coping data etc)

Please help,

Thank you

Share this post


Link to post
Share on other sites
9 hours ago, Salil said:

Is there any change to get a decryptor for .kodg variant of STOP/Djvu with online ID?

Only if law enforcement catches the criminals and releases their database of private keys.

Share this post


Link to post
Share on other sites

how about me , can you help me?

 

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0185Asd374y5wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF

 

I also try the decryptor but unable to do it :

Starting...

File: C:\9YIN\《九阴真经》马来客户端安装程序v0.0.1.148_20170331\data1.cab.kodg
Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF

File: C:\9YIN\《九阴真经》马来客户端安装程序v0.0.1.148_20170331\data1.hdr.kodg
Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF

File: C:\9YIN\《九阴真经》马来客户端安装程序v0.0.1.148_20170331\data10.cab.kodg

 

 

  • Like 1

Share this post


Link to post
Share on other sites
16 hours ago, ethem said:

Now that my id is offline is there a chance that my key would turn into online key if I connect to internet or something else? @GT500 @Amigo-A

If your files were originally encrypted with an offline key, then it is physically impossible for the key for your files to change without first decrypting them and then encrypting them again.

 

16 hours ago, raden said:

Error: Unable to decrypt file with ID: wkj5JeV5nzrHu4UX4Scf176UtNcIKH0SPu2eKlyF

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
On 11/22/2019 at 2:05 AM, Amigo-A said:

notebook1.jpg.7b0fed0ba8abc3e62d66130e5f14ba61.jpg
Download Image disk-hdd.jpg.0bd092f902a5c3bc2fecc7a6affa194b.jpg
Download Image
Download Image
Download Image

Hello @Salil

To transfer data, it is best to connect the disk as a secondary to another PC or to a new disk with a new system and a comprehensive antivirus that will monitor the files when they are transferred.

Thank you for help. I was able to save and secure most of my data. I connected the disk as a secondary to Mac machine and it worked well. But approximately 30% data got encrypted. Hope law enforcement catches the criminals soon. 

60D4E24F-6FDD-4D30-B88F-6C2EEE7CFD86.jpeg
Download Image

Share this post


Link to post
Share on other sites

Im from Kerala , same situation all 1 tb Wedding images of 16 wedding ( "works still not yet finished" ) encrypted as .kodg.  I' will suicide if i didn't able to get those files. Otherwise, They'll break my shop and kill me.

Share this post


Link to post
Share on other sites
17 hours ago, DEEMS said:

Im from Kerala , same situation all 1 tb Wedding images of 16 wedding ( "works still not yet finished" ) encrypted as .kodg.  I' will suicide if i didn't able to get those files. Otherwise, They'll break my shop and kill me.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

If recovery of your data is absolutely imperative, then Coveware may be able to negotiate a lower cost for the ransom payment for you.

Share this post


Link to post
Share on other sites

@GT500 sir I've seen some people gets ''unable to decrypt file with ID:..'' ERROR then I decided to try the decryptor and it says ''unable to connect to remote server''. Is it normal?

Share this post


Link to post
Share on other sites
12 hours ago, ethem said:

I've seen some people gets ''unable to decrypt file with ID:..'' ERROR

That error happens when there is no decryption key found in our database for a file's ID. Most of the time it simply means they have an online ID, however with a number of newer variants we still don't have the decryption keys for offline ID's and thus the error can be seen in those cases as well.

 

12 hours ago, ethem said:

I decided to try the decryptor and it says ''unable to connect to remote server''. Is it normal?

That's a fairly abnormal error message, and could happen due to a number of issues. Something could be blocking the decrypter from connecting to our servers, something could be preventing DNS resolution for the address of the database the decrypter connects to, or there could just be general Internet stability issues causing problems with connecting to our servers.

Are you able to visit the following link in a web browser on the effected computer?
https://decrypter.emsisoft.com/

Share this post


Link to post
Share on other sites

My computer is infected with .kodg.
_readme:
ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What happens you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $ 980.
Discount 50% available if you contact us first 72 hours, that's price for you is $ 490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0185Asd374y5DOfyuHIoRbJpglL0ddhduETw96qcAYEVSqm7ktXu
- Then I sent them from [email protected], an HSKT Anh Tuan file 23-10.dwg.kodg, asked them to open the test, then I paid, and they sent me an open file for completion. safe.
- I used the decoder: decrypt_STOPDjvu but Error: Unable to decrypt file with ID: DOfyuHIoRbJpglL0ddhduETw96qcAYEVSqm7ktXu
- So I uploaded the file to see everyone, please help me. thank you

File virus :HSKT Anh Tuan file 23-10.dwg.kodg

 https://www.fshare.vn/file/I5WVGD8OGX29?token=1574999201

File them successfully unlocked the test for me :HSKT Anh Tuan file 23-10.dwg

https://www.fshare.vn/file/5WVDYH9HFEHW?token=1574999219

Share this post


Link to post
Share on other sites
17 hours ago, ethem said:

it seemed the windows defender was blocking decrypter. I disabled it and tried again aaand decrypted all my files. Thank you sir so so much. @GT500

Did Windows Defender allow you to report the issue to Microsoft?

 

16 hours ago, almaje said:

What is your public key ?

Public keys don't matter. They're useless for anything other than encrypting data.

Share this post


Link to post
Share on other sites
3 hours ago, daoken said:

Your personal ID:
0185Asd374y5DOfyuHIoRbJpglL0ddhduETw96qcAYEVSqm7ktXu

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
20 hours ago, daoken said:

So I have to delete all the files on my computer?

No, I recommend you make a backup of all encrypted files in case it's possible to decrypt them some day.

Share this post


Link to post
Share on other sites

does anyone know this virus belongs to offline or online id ?

 

File: C:\$Recycle.Bin\S-1-5-21-3734935062-4241792449-1257728597-1001\$R2E0GK8.meka
Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

File: C:\$Recycle.Bin\S-1-5-21-3734935062-4241792449-1257728597-1001\$RBGR1AK.meka
Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

Share this post


Link to post
Share on other sites

does anyone know this virus belongs to offline or online id ?

 

File: C:\$Recycle.Bin\S-1-5-21-3734935062-4241792449-1257728597-1001\$R2E0GK8.meka
Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

File: C:\$Recycle.Bin\S-1-5-21-3734935062-4241792449-1257728597-1001\$RBGR1AK.meka
Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

Share this post


Link to post
Share on other sites
On 12/1/2019 at 10:46 PM, cherry said:

Error: Unable to decrypt file with ID: ciHIHNhZs0UNAXsAQny0CrcVeEgKnWM21Uy46NdI

That's an online ID.

Share this post


Link to post
Share on other sites
22 hours ago, Rinku Singh said:

Unable to decrypt with id uyjZj1kmz1r87C4S3IZvenHHgE9aNGI95IeN2hN3

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
18 hours ago, HandsomRansom said:

Error: Unable to decrypt file with ID: TOXDInfMdDlMYmPGiw4B39ak3cpMhphR7vlVR74z

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.