SebastianR2

Help I can't decrypt my .mkos .nbes files

Recommended Posts

Hi, my computer was affected by Stop / Djvu .nbes .mkos, which identification ends in t1
Id: 0194Asd374y5iuhldT2rTkvqPawuxU1ZHaaduwWpHn6I22SeYX39M9Zt1, (esta id puede ser del archivo MKOS mas no el de NBES)
What I think was an offline encryption is proof that the ransomware has not created and encrypted the new installed file. but I find it HELP!!

Edit. Now I have seen some publications and that information concludes that my problem is offline and RSA code new version after August 2019 which I used the decrypt_STOPDjvu.exe program but I get the message from the photo attached below the error of which cannot be decrypted with the id: T2rTkvqPawuxU1ZHaaduwWpHn6I22SeYX39M9Zt1. But here is the good thing, this takes my sleep away but I think it is worth that id that is there (at the time of editing) is not mine is this: 0194Asd374y5iuhldT2rTkvqPawuxU1ZHaaduwWpHn6I22SeYX39M9Zt1
But realizing that I also have another key that is this but in a text file `` PersonalID '' which is the one that shows the error maybe because I also have the MKOS extension but what is the real ID because they can not help me ?

image.png
Download Image

image.png
Download Image

Captura.JPG
Download Image

Share this post


Link to post
Share on other sites

For files that have an offline ID, once we are able to find the private key for that ID we'll be able to add it to our database and the decrypter should be able to decrypt the files. I recommend running the decrpter once every week or two to see if we've been able to add the private key yet.

As for the .mkos variant, if files with that extension also have offline ID's then same same applies to them. Otherwise, there won't be anything we can do. Newer variants use RSA keys, and won't be decryptable.

Share this post


Link to post
Share on other sites
On 27/12/2019 at 0:57, GT500 said:

Para los archivos que tienen una ID sin conexión, una vez que podamos encontrar la clave privada para esa ID, podremos agregarla a nuestra base de datos y el descifrador debería poder descifrar los archivos. Recomiendo ejecutar el decrpter una vez por semana o dos para ver si ya hemos podido agregar la clave privada.

En cuanto a la variante .mkos, si los archivos con esa extensión también tienen ID sin conexión, se aplicará lo mismo. De lo contrario, no habrá nada que podamos hacer. Las variantes más nuevas usan claves RSA y no serán descifrables.

Thanks for the answer I will be checking every week. Until then I will continue communicating any news
And about Mkos the truth is that I can not find his key since at the time they attacked I decided to forcefully shut down my PC, there are not so many mkos files, if mounted with the extension nbes and with the extension alone I do not think they could create an ID or maybe an ID alone. Could that happen?image.png.4e27459c40c0180d8effa80053cf068a.png
Download Image

Share this post


Link to post
Share on other sites
1 hour ago, SebastianR2 said:

... if mounted with the extension nbes and with the extension alone I do not think they could create an ID or maybe an ID alone. Could that happen?

Altering the ID's after the files have already been encrypted won't change anything, and may make it impossible to decrypt them even if you have the correct private key.

Share this post


Link to post
Share on other sites

Once the private key for decrypting .nbes extension has been found and added to the decryptor tool database, will it be published anywhere in forum ? Will it be possible to know about it in support forums ?

Share this post


Link to post
Share on other sites
10 hours ago, Rohith said:

Una vez que la clave privada para descifrar la extensión .nbes se haya encontrado y agregado a la base de datos de la herramienta de descifrado, ¿se publicará en algún lugar del foro? ¿Será posible saberlo en los foros de soporte?

When they find the private key it will be uploaded to the help forums or you can also look for it when the page warns that they have found
If your id is offline all the keys either nbes or others will be the same since the id will be the same since being offline the ransomware could not connect to its server and could not give a random id. If you don't know if it's offline, see if your ID ends in t1

Share this post


Link to post
Share on other sites
12 hours ago, GT500 said:

La alteración de los ID después de que los archivos ya se hayan cifrado no cambiará nada, y puede hacer que sea imposible descifrarlos incluso si tiene la clave privada correcta.

Mmm ... well then now I just have to be patient, I hope it can be solved, I need those files I have 4 years of work on my pc and it would be annoying to reset it, since years ago I also attack the Grandcrab 4.0 ransomware very popular for its encryption and updates making it impossible to decrypt, unfortunately format my pc, and today they have already found the keys and I don't want that to happen to me again

Share this post


Link to post
Share on other sites
22 hours ago, Rohith said:

Once the private key for decrypting .nbes extension has been found and added to the decryptor tool database, will it be published anywhere in forum ? Will it be possible to know about it in support forums ?

No, we don't currently publish that information anywhere.

 

12 hours ago, SebastianR2 said:

I need those files I have 4 years of work on my pc and it would be annoying to reset it, since years ago I also attack the Grandcrab 4.0 ransomware very popular for its encryption and updates making it impossible to decrypt, unfortunately format my pc, and today they have already found the keys and I don't want that to happen to me again

The safest way to ensure the safety of your data from ransomware is to keep backups of anything important on some sort of external media (USB flash drives, external hard drives, tape drives, etc) that do not remain connected to the computer the majority of the time. We like to think our Anti-Virus software is pretty good at preventing ransomware, but in the unlikely event that it were to fail it's impossible for ransomware to encrypt files that it can't access.

Share this post


Link to post
Share on other sites

Hello, I wanted to know that today, January 14, 2020, Windows 7 support is disabled and I wanted to know if this affects the repair of my files or the decryption program
I am looking forward to your response

Share this post


Link to post
Share on other sites
5 hours ago, SebastianR2 said:

I wanted to know that today, January 14, 2020, Windows 7 support is disabled and I wanted to know if this affects the repair of my files or the decryption program

End of support for Windows 7 should have no effect on whether or not your files can be decrypted. You could make a backup of your encrypted files and upgrade to a Windows 10 computer, and if a method for decrypting your files were to be released then it should still work.

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.