jaffar Posted November 29, 2019

Yeah happened to me yesterday … Every single file (a billion) in data partition is encrypted. Damage is huge but no time to cry, system reinstalled and no new .rote files. Any chance, ever ... tnx ...

Attached files: Word.doc, Word.doc.rote, _readme.txt

Amigo-A Posted November 29, 2019

Hello @jaffar

Quote:
> 0187Asd374y5iuhld8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1

There are symbols t1 here, so in the future, a decryption key may be added to this Emsisoft decryptor. You need to wait. When this will be realized, it is not known, maybe soon, maybe not soon. It is regularly updated.

jaffar Posted November 29, 2019

Tnx I will wait, honestly I don't have too much option, maybe some day ...

GT500 Posted November 30, 2019

10 hours ago, jaffar said:
> Tnx I will wait, honestly I don't have too much option, maybe some day ...

My recommendation is to try the decrypter once every week or two to see if the key has been added to our database.

jaffar Posted November 30, 2019

Sure I will. Tnx for suggestion.

GT500 Posted November 30, 2019

3 hours ago, jaffar said:
> Sure I will. Tnx for suggestion.

You're welcome.

jaffar Posted July 9, 2020

After seven months nothing new, I know ... there is a thousand cases ... I read a little bit and if I understood we have Id inside the read.me public key. To decrypt files I need private key. Am I right? What can I do if I have private key? tnx.

GT500 Posted July 10, 2020

8 hours ago, jaffar said:
> there is a thousand cases ...

For STOP/Djvu a thousand cases is an understatement. There are nearly that many new cases every day (roughly 700-800 daily submissions to ID Ransomware at least). Not that the actual number of cases matters. Decrypting even one person's files is impossible without their private key.

8 hours ago, jaffar said:
> I read a little bit and if I understood we have Id inside the read.me public key. To decrypt files I need private key.

There is an ID inside the readme files, and this ID identifies which private key should be used to decrypt your files. Public keys are used to encrypt files, and normally you won't see these. Some people do manage to find these on their computers, however they are useless for decryption.

8 hours ago, jaffar said:
> What can I do if I have private key?

Only the criminals have the private keys, unless you paid the ransom and they sent you a decrypter.

jaffar Posted July 10, 2020

Tnx for answer. That's all clear, but focus of my question was what can I do if I have a private key, can I send to you or what? I know only the criminals have private key (probably aes) but someone posted private key for ID 8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1 (which is mine). Of course I can't be sure if it works, maybe it will help to someone else ... Sorry if bothering you, I'm just trying to participate.

GT500 Posted July 11, 2020

9 hours ago, jaffar said:
> That's all clear, but focus of my question was what can I do if I have a private key, can I send to you or what?

We can add private keys to our database.

9 hours ago, jaffar said:
> I know only the criminals have private key (probably aes)

Newer variants of STOP/Djvu use RSA keys.

9 hours ago, jaffar said:
> someone posted private key for ID 8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1 (which is mine) of course I can't be sure if it works, maybe it will help to someone else ...

Isn't that the offline ID for .zobm? We already have the private key for that offline ID. Is our decrypter not able to decrypt your files? If not, then what does it say when it fails to decrypt?

jaffar Posted July 11, 2020

Actually someone posted for .msop, same Id as I have with .rote files. There is decrypter log in attachment, as you can see the ID is the same. If you want I will send posted rsa key in private message or whatever you want.

cybermetric Posted July 11, 2020

1 hour ago, jaffar said:
> Actually someone posted for .msop, same Id as I have with .rote files. There is decrypter log in attachment as you can see the ID is the same. If you want I will send posted rsa key in private message or whatever you want.

The offline ID for .msop is d8TwbCMGuw5Ei5PlymKj0pldFtsUYeGxci3YGlbt1 - .msop

It is NOT the same as yours.

GT500 Posted July 14, 2020

On 7/11/2020 at 10:30 AM, jaffar said:
> Actually someone posted for .msop, same Id as I have with .rote files.

OK, we do not have the private key for .rote's offline ID. I assume this is the key you're talking about? https://pastebin.com/eF3vEZLc

GT500 Posted July 14, 2020

@jaffar we never actually got a sample of the .rote variant of STOP/Djvu, so we don't have its offline ID on file. Could you attach a copy of the encrypted file to a reply that our decrypter says has an offline ID? The Word document you attached to your first post has an online ID (q6OxUk3VDgW4BqrccLHj9q406UixL5m64FmWEkRP) and thus isn't going to be decryptable.

jaffar Posted July 15, 2020

On 7/14/2020 at 10:50 AM, GT500 said:
> OK, we do not have the private key for .rote's offline ID. I assume this is the key you're talking about? https://pastebin.com/eF3vEZLc

This is it.

On 7/14/2020 at 4:45 PM, GT500 said:
> @jaffar we never actually got a sample of the .rote variant of STOP/Djvu, so we don't have its offline ID on file. Could you attach a copy of the encrypted file to a reply that our decrypter says has an offline ID? The Word document you attached to your first post has an online ID (q6OxUk3VDgW4BqrccLHj9q406UixL5m64FmWEkRP) and thus isn't going to be decryptable.

Here are some crypted files, if you want more or different extensions, I can attach, I have millions of them. I know it's not funny ... The only one text file I received from the attacker was attached in the first post. Thank you for your patience.

Attached files: A-SD-HD.jpg.rote, GPS.txt.rote

Demonslay335 Posted July 15, 2020

@jaffar Thank you, I was able to confirm the key works for your files with that ID. I have added it to the server for the .rote extension. You may simply re-run the decryptor, and it should be able to decrypt some of your files now.

jaffar Posted July 15, 2020

Nope, big, big ... thank you. I just try to participate. If I have contributed at least a little I have reason to be pleased ...
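
The offline/online ID distinction that runs through this thread can be applied to a whole set of encrypted files to see which ones are worth retrying once a key is published. The following is an added example, not part of the thread and not Emsisoft's code; the function names are hypothetical, and it assumes the per-file IDs are already known (for instance from the decrypter's output) and that a bare ID is 40 characters, as the two bare IDs quoted above are.

```python
"""Triage STOP/Djvu personal IDs into offline and online groups (added example)."""
from collections import defaultdict

ID_LENGTH = 40          # assumption: both bare IDs quoted in the thread are 40 characters
OFFLINE_SUFFIX = "t1"   # the marker the thread points to in an offline ID


def split_personal_id(readme_value: str) -> tuple[str, str]:
    """Split the string from _readme.txt into (leading characters, bare ID)."""
    value = readme_value.strip()
    if len(value) < ID_LENGTH or not value.isalnum():
        raise ValueError(f"not a personal ID: {readme_value!r}")
    return value[:-ID_LENGTH], value[-ID_LENGTH:]


def is_offline_id(bare_id: str) -> bool:
    """True when the ID carries the 't1' ending described in the thread."""
    return bare_id.endswith(OFFLINE_SUFFIX)


def triage(file_ids: dict[str, str]) -> dict[str, dict[str, list[str]]]:
    """Group encrypted files by ID under 'offline' (worth retrying) or 'online'."""
    groups = {"offline": defaultdict(list), "online": defaultdict(list)}
    for path, raw_id in sorted(file_ids.items()):
        _, bare = split_personal_id(raw_id)
        groups["offline" if is_offline_id(bare) else "online"][bare].append(path)
    return {kind: dict(ids) for kind, ids in groups.items()}


# The IDs are the ones quoted in the thread; the file-to-ID mapping is constructed.
README_ID = "0187Asd374y5iuhld8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1"
SAMPLE = {
    "GPS.txt.rote": "8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1",
    "A-SD-HD.jpg.rote": README_ID,  # readme form, with its leading characters
    "Word.doc.rote": "q6OxUk3VDgW4BqrccLHj9q406UixL5m64FmWEkRP",
}

if __name__ == "__main__":
    for kind, ids in triage(SAMPLE).items():
        for bare, paths in ids.items():
            print(f"{kind:7} {bare}  {len(paths)} file(s): {', '.join(paths)}")
```

Files listed under an offline ID are the ones to re-test whenever the decrypter's key database is updated; files under an online ID depend on a key unique to that infection.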