Wagner_tkl

.meka ransomware


I was infected with the STOP Djvu virus in October. I urgently need to recover my files. The file extension is .meka. My readme is:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-h159DSA7cz
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0178Asd374y5iuhldINtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O

16 hours ago, Wagner_tkl said:

Your personal ID:
0178Asd374y5iuhldINtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Starting...

File: C:\Users\Administrador.NURAP\Desktop\Arquivos criptografados\AlteracoesPortaria1510.pdf
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O
First 5 bytes: 255044462D

File: C:\Users\Administrador.NURAP\Desktop\Arquivos criptografados\AlteracoesPortaria1510.pdf.meka
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O
First 5 bytes: 255044462D

File: C:\Users\Administrador.NURAP\Desktop\Arquivos criptografados\CNPJ.pdf.meka
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O
First 5 bytes: 255044462D

File: C:\Users\Administrador.NURAP\Desktop\Arquivos criptografados\RECARGA DIA 25.xlsx.meka
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O
First 5 bytes: 504B030414

Finished!

?????????????????????????????????????????????????????????????????????????????

27 minutes ago, Wagner_tkl said:

Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O

This is what is written when the Emsisoft Decryptor cannot decrypt the files. The reason is that the encryptor used an online key to encrypt the files.
An online key is generated on the ransomware server and is a random collection of characters that cannot be picked up for free decryption. The processing power of all supercomputers combined is not enough.

18 hours ago, Wagner_tkl said:

File: C:\Users\Administrador.NURAP\Desktop\Arquivos criptografados\AlteracoesPortaria1510.pdf.meka
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O

That's a newer variant, not an older variant. We're looking into why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.
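Added example, not part of the original thread and not Emsisoft's code: a small Python triage of decrypter log lines like those posted above, which decodes the "First 5 bytes" field into a file signature and checks that the ID in the log is the tail of the personal ID from the readme. The log sample and its paths are constructed, and the rule that offline STOP/Djvu IDs end in `t1` is an assumption taken from Emsisoft's public guidance, not something stated in this thread.

```python
import re

# Constructed sample: same shape as the decrypter log in this thread, paths shortened.
SAMPLE_LOG = r"""File: C:\Users\user\Desktop\CNPJ.pdf.meka
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O
First 5 bytes: 255044462D

File: C:\Users\user\Desktop\RECARGA DIA 25.xlsx.meka
Unable to decrypt Old Variant ID: INtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O
First 5 bytes: 504B030414
"""
# Personal ID exactly as posted in the readme above.
NOTE_ID = "0178Asd374y5iuhldINtCaq4YE5F6LInFlMEanpjWnkNumE82ffZAPS8O"
# Assumption (Emsisoft public guidance, not this thread): offline IDs end in "t1".
OFFLINE_SUFFIX = "t1"
# Well-known leading bytes of common file formats.
MAGIC = {b"%PDF-": "PDF", b"PK\x03\x04": "ZIP container (xlsx/docx/zip)"}

# One log entry: a File line, a status line ending in "ID: <id>", a hex line.
ENTRY = re.compile(
    r"^File: (?P<path>.+)\n.*?ID: (?P<id>\S+)\n"
    r"First 5 bytes: (?P<hex>[0-9A-Fa-f]{10})$", re.MULTILINE)

def id_kind(victim_id):
    """Classify an ID as 'offline' or 'online' by its suffix."""
    return "offline" if victim_id.endswith(OFFLINE_SUFFIX) else "online"

def header_type(hex5):
    """Map the logged header bytes to a known file signature, if any."""
    head = bytes.fromhex(hex5)
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return "unknown"

def triage(log, note_id):
    """Return one summary row per file entry found in the log text."""
    rows = []
    for m in ENTRY.finditer(log):
        rows.append({
            "file": m["path"].rsplit("\\", 1)[-1],
            "id_kind": id_kind(m["id"]),
            "matches_note": note_id.endswith(m["id"]),
            "header": header_type(m["hex"]),
        })
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, NOTE_ID):
        print(row)
```

On the values from this thread, both `.meka` entries report an ID that matches the tail of the readme ID and does not end in `t1`, and their logged header bytes decode to PDF and ZIP signatures.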
