
Ransomware .rote


jaffar

  • 7 months later...

After seven months nothing new, I know ... there are a thousand cases ...

I read a little bit and if I understood we have Id inside the read.me public key. To decrypt files I need private key.

Am I right?

What can I do if I have private key?

tnx.


8 hours ago, jaffar said:

there are a thousand cases ...

For STOP/Djvu a thousand cases is an understatement. There are nearly that many new cases every day (roughly 700-800 daily submissions to ID Ransomware at least).

Not that the actual number of cases matters. Decrypting even one person's files is impossible without their private key.

8 hours ago, jaffar said:

I read a little bit and if I understood we have Id inside the read.me public key. To decrypt files I need private key.

There is an ID inside the readme files, and this ID identifies which private key should be used to decrypt your files.

Public keys are used to encrypt files, and normally you won't see these. Some people do manage to find these on their computers, however they are useless for decryption.

8 hours ago, jaffar said:

What can I do if I have private key?

Only the criminals have the private keys, unless you paid the ransom and they sent you a decrypter.


Tnx for answer,

That's all clear, but the focus of my question was: what can I do if I have a private key? Can I send it to you or what?

I know only the criminals have the private key (probably AES), but someone posted a private key for ID 8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1 (which is mine). Of course I can't be sure if it works; maybe it will help someone else ...
Sorry if I'm bothering you, I'm just trying to participate.


9 hours ago, jaffar said:

That's all clear, but the focus of my question was: what can I do if I have a private key? Can I send it to you or what?

We can add private keys to our database.

9 hours ago, jaffar said:

I know only the criminals have the private key (probably AES)

Newer variants of STOP/Djvu use RSA keys.

9 hours ago, jaffar said:

someone posted a private key for ID 8vqlSswfRM10lCmckClRtShnwcsZaWzZnsPeYbt1 (which is mine). Of course I can't be sure if it works; maybe it will help someone else ...

Isn't that the offline ID for .zobm? We already have the private key for that offline ID. Is our decrypter not able to decrypt your files? If not, then what does it say when it fails to decrypt?


Actually someone posted for .msop, same ID as I have with .rote files.

There is a decrypter log in the attachment; as you can see, the ID is the same.

If you want, I will send the posted RSA key in a private message or whatever you want.

Untitled.jpg


1 hour ago, jaffar said:

Actually someone posted for .msop, same ID as I have with .rote files.

There is a decrypter log in the attachment; as you can see, the ID is the same.

If you want, I will send the posted RSA key in a private message or whatever you want.

Untitled.jpg

The offline ID for .msop is 

d8TwbCMGuw5Ei5PlymKj0pldFtsUYeGxci3YGlbt1 - .msop 

It is NOT the same as yours.


@jaffar we never actually got a sample of the .rote variant of STOP/Djvu, so we don't have its offline ID on file. Could you attach a copy of the encrypted file to a reply that our decrypter says has an offline ID? The Word document you attached to your first post has an online ID (q6OxUk3VDgW4BqrccLHj9q406UixL5m64FmWEkRP) and thus isn't going to be decryptable.


On 7/14/2020 at 10:50 AM, GT500 said:

OK, we do not have the private key for .rote's offline ID.

I assume this is the key you're talking about?
https://pastebin.com/eF3vEZLc

This is it.

On 7/14/2020 at 4:45 PM, GT500 said:

@jaffar we never actually got a sample of the .rote variant of STOP/Djvu, so we don't have its offline ID on file. Could you attach a copy of the encrypted file to a reply that our decrypter says has an offline ID? The Word document you attached to your first post has an online ID (q6OxUk3VDgW4BqrccLHj9q406UixL5m64FmWEkRP) and thus isn't going to be decryptable.

Here are some encrypted files; if you want more or different extensions, I can attach them. I have millions of them :D I know it's not funny ...

The only text file I received from the attacker was attached in the first post.

Thank you for your patience.

A-SD-HD.jpg.rote GPS.txt.rote


This topic is now closed to further replies.