aiepis

heroset rasomware

Recommended Posts

My files are encrypted with the extension .HEROSET and I can’t seem to find any decryption tool in this site that decrypts such data

Your personal ID: 098bnvvbfgfgXFmm14V2DwtB3eDJzeLNvz5yXrttyC99t15crOae [*] MACs: 1C:1B:0D:C2:7D:04 

 

today 11/24/2019 update the program and I still have no solution please I need help Sorry for my bad English, I'm just a very worried person. thank you be able to listen

ECCMDdQXoAEr7mb.png
Download Image

ECCMDdRXsAARI9x.png
Download Image

Screenshot_6.png
Download Image

Share this post


Link to post
Share on other sites
4 hours ago, aiepis said:

My files are encrypted with the extension .HEROSET and I can’t seem to find any decryption tool in this site that decrypts such data

Your personal ID: 098bnvvbfgfgXFmm14V2DwtB3eDJzeLNvz5yXrttyC99t15crOae

That's an older variant, however since you have an online ID you're going to need to upload file pairs to our online submission form so that the decrypter can "learn" how to decrypt your files. There's more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
4 hours ago, aiepis said:

Hello
I get this error
I can't send it

Try using a different file pair.

Share this post


Link to post
Share on other sites

You have to use the same file, one that is encrypted and one that is not encrypted.  Your screenshot shows that you are using two different files, that just will not work.  You cannot compare two files is they are not the same file.

Share this post


Link to post
Share on other sites

Make sure that the files being submitted are at least 150kb in size, also do not use large files either.

Share this post


Link to post
Share on other sites
8 minutes ago, Kevin Zoll said:

Make sure that the files being submitted are at least 150kb in size, also do not use large files either.

I already tried friend. Excuse me but I don't know what else I can do. It would help me a lot if you can give me another solution. please

 

 

Share this post


Link to post
Share on other sites

IF the service is not accepting your files than the ransomware variant is not supported.  Meaning, that you files cannot be decrypted.

Share this post


Link to post
Share on other sites

Heroset
In my post they said yes. Only it is a variant. Can you help me if I send it but I can't send my file. I think you can, now I need to know if I can pay to help me. just ask me for it .

Share this post


Link to post
Share on other sites

Looking at the IDs in your screen shots those are all online IDs.  The files cannot be decrypted without the private encryption key which was generated and stored on command & control servers under the control of the ransomware group responsible for encrypting your files.  Nobody, including us, other than then the criminals have access to those keys.

Share this post


Link to post
Share on other sites

Without paying the ransom, there is no way to get back your files, and then that is not even a sure thing.

Share this post


Link to post
Share on other sites

Heroset is an 'old djvu' variant. He should be able to decrypt files by uploading a matched original /encrypted file pair to the Emsisoft portal.

Not only do the files need to be >150 KB, the encrypted file must be exactly 78 bytes larger than the original. If it is not,  the original was changed at some point, and for the purposes of decryption is a different file.

Also, with jpg's, several matched file pairs may be needed to get all of the files decrypted. The file pairs must be from the same source, i.e - if the encrypted jpg's were taken with a Konica camera, the file pairs must be from that same source.

 

Share this post


Link to post
Share on other sites

You can attach your file pair to a reply if you'd like, and I can run them by our malware analysts to see if there's anything they can do.

Share this post


Link to post
Share on other sites
7 hours ago, aiepis said:

I need help with this problem. I am very desperate. thank you for your support

You'll need to supply us with a proper file pair, where both files are the same (with the only difference being one is encrypted and one isn't).

Share this post


Link to post
Share on other sites
On 1/2/2020 at 11:35 AM, aiepis said:

Hi. Look at my first picture, it's the same file. but I can not . I really tried everything I have and I still get errorimageproxy.php?img=&key=99be663dd9313b5b
Download Image
Download Image

no sale.png
Download Image
Download Image

You are still not following the instructions. Look at the filenames; they are clearly not the same file, the filenames don't even match up at all.

promocion NOGHE.jpg.heroset
promocionNOCHE.jpg

It has to be the exact same file before and after the encryption. Check this quote by Fabian Wosar.

Quote

It has to be the original. I don't believe you that there is no file on your system where you can't get the original of. Examples: Files you downloaded from the internet that were encrypted, that you can simply download again to get the original, pictures that you shared with friends that they can just send you back, default wallpapers and pictures that were included with your Windows version that you can just get from another system running the same Windows version. There are plenty of ways to get an encrypted with unencrypted file pair.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.