Fahad_826

How to decrypt .redl files?

Recommended Posts

Got affected by this ransomeware and tried my best  but couldnt find anything to decrypt it so far as its a fairly new ransomware and nothing can decrypt it.I tried emsisoft but it hasnt been update to be able to deal with this ransomware.Anyone know when will they update it or anything else i can do?

Share this post


Link to post
Share on other sites

Same here... 😥

Please help me...

 

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-lfgsmr5vzo
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0196Asd374y5iuhldVAVCdNwiYzB4w42uh9Oain7M8QbygP4SwAD265wM

Share this post


Link to post
Share on other sites

Hello @Fahad_826, @bahblo, @Luisa,

Thank you for contacting Emsisoft Support.

That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019.

 

Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.

While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware.

Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation.

Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice.

 

Share this post


Link to post
Share on other sites
3 hours ago, Kevin Zoll said:

Hello @Fahad_826, @bahblo, @Luisa,

Thank you for contacting Emsisoft Support.

That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019.

 

Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.

While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware.

Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation.

Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice.

 

 

I'm getting "unable to decrypt" in all files

 

do you think future versions of Emsisoft can decrypt?

 

please help 

Share this post


Link to post
Share on other sites
2 hours ago, alexmoreira said:

do you think future versions of Emsisoft can decrypt?

If law enforcement is able to gain access to the database of private keys run by the criminals, then it would be possible.

Share this post


Link to post
Share on other sites
12 hours ago, GT500 said:

If law enforcement is able to gain access to the database of private keys run by the criminals, then it would be possible.

 And what are the chances of that happening and how often does that happen? The software can decrypt other ransomware,did they also require law inforcements gaining access to their database?

Share this post


Link to post
Share on other sites
11 hours ago, Fahad_826 said:

And what are the chances of that happening and how often does that happen?

It's difficult to estimate the chances. It doesn't happen anywhere near as often as we like, and the amount of time it takes varies so much that it's impossible to generalize.

 

11 hours ago, Fahad_826 said:

The software can decrypt other ransomware,did they also require law inforcements gaining access to their database?

By "the software" are you referring specifically to our STOP/Djvu decrypter, or are you talking about our decrypters for other ransomware?

For STOP/Djvu there was a point where they started using RSA keys, which weren't susceptible to the type of attack we were planning on using in our decrypter that relied on file pairs, and thus this method only works on older variants from before that change. Offline ID's are easy so long as we can get the keys for them, although with newer variants this requires someone who's paid the ransom for an offline ID to send us a copy of the decrypter the criminals sent them so we can extract the private key.

For our other decrypters, some exist due to flaws in ransomware that allowed for easy decryption, and some exist due to decryption keys having been leaked. Decryption keys aren't always leaked by law enforcement, but sometimes by security analysis companies that gained access to the command and control servers, and there have even been a few ransomwares where the criminals making/distributing them released their database of keys for free.

Share this post


Link to post
Share on other sites

Since the Redl virus belongs to Stop (djvu) ransomware, the free 'STOP (djvu) decryptor' can be used to decrypt .redl files.

STOP (Redl) decryptor to decrypt .redl files use:
Download Redl decryptor' STOP Djvu decryptor'
Scroll down to the 'New Djvu ransomware' section.
Download the 'decrypt_STOPDjvu.exe' file to your desktop.
Run decrypt_STOPDjvu.exe
Select the directory or drive where the encrypted files are located.
Click the Decrypt button.

Unfortunately, free Redl decryptor is not always able to decrypt files. But even in this case, it is possible to restore the contents of encrypted files. To do this, you can try to use ShadowExplorer or PhotoRec.

Share this post


Link to post
Share on other sites
1 hour ago, Hope O'hara said:

Since the Redl virus belongs to Stop (djvu) ransomware, the free 'STOP (djvu) decryptor' can be used to decrypt .redl files.

STOP (Redl) decryptor to decrypt .redl files use:
Download Redl decryptor' STOP Djvu decryptor'
Scroll down to the 'New Djvu ransomware' section.
Download the 'decrypt_STOPDjvu.exe' file to your desktop.
Run decrypt_STOPDjvu.exe
Select the directory or drive where the encrypted files are located.
Click the Decrypt button.

Unfortunately, free Redl decryptor is not always able to decrypt files. But even in this case, it is possible to restore the contents of encrypted files. To do this, you can try to use ShadowExplorer or PhotoRec.

Stop decryptor doesn't support redl as far as i know.I tried some recovery tools but all they did was just restore some cahce photos from my browser or deleted files.If theres a decryptor that can decrypt the .redl files,i'll be glad to try it out if u can share the link

Share this post


Link to post
Share on other sites

Support for this variant of STOP Ransomware has not yet been added to the Emsisoft decryptor. 
When this is done, it will be possible to decrypt files that have been encrypted using an offline key.
But it is impossible to decrypt files that are encrypted using an online key. Only cybercrime has decryption keys.

Share this post


Link to post
Share on other sites
On 12/25/2019 at 2:58 AM, Fahad_826 said:

Stop decryptor doesn't support redl as far as i know.

If you mean the old STOPDecrypter that Michael Gillespie made on his own, then that is correct.

If you were referring to the STOP/Djvu decrypter made by Emsisoft, then it supports all variants of STOP/Djvu. It can't decrypt files from .redl unless the files have an offline ID because it's a newer variant that uses RSA keys, and isn't susceptible to the method we use to decrypt older variants with online ID's.

Share this post


Link to post
Share on other sites
On 12/27/2019 at 10:09 PM, Hau Huynh 99 said:

I suppose my file was encrypted with offline key, 0196Asd374y5iuhldiIiGYUzv3s4ychYXlQIMiJlnVi3Zvtd6RnQwDZt1

Is there anything I can do to recover my files?

Yes, that looks like an offline ID.

I recommend running the decrypter once every week or two, that way if we're able to get our hands on the private key for that offline ID then your files should be decrypted after we add it to our database.

Share this post


Link to post
Share on other sites
19 hours ago, thagro said:

How can i tell wether my files are  onine or offline decrypted?

The ID in the ransom notes should be enough, although it's not 100% accurate (running the decrypter will show you the ID for each file it fails to decrypt and gives the best results). If the ID for a file ends in t1 then it is almost certainly an offline ID, otherwise it is almost certainly an online ID. There's more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

any update about restore the files infected with .redl ?

i already removed the virus, however all methods failed to return my files

the ID. left in text message:

0196Asd374y5iuhldLHCpzMFZgPnc5LycQVfvu8sxahj9GWP5bqd0zQVL

Share this post


Link to post
Share on other sites
7 hours ago, Ahmad Sallam said:

the ID. left in text message:

0196Asd374y5iuhldLHCpzMFZgPnc5LycQVfvu8sxahj9GWP5bqd0zQVL

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-lfgsmr5vzo
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0196Asd374y5iuhldKXAm1sbzgYJwX8YwKZAJiNVpZyzauM3bHIHncELV

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.