Angel_Granado

I got the Ransomware .nose

Recommended Posts

I just got the Ransomware .nose yesterday January 18 and i been looking for a way to fix the problem, which emisoft cannot solve due to the fact that .nosu is a new version of the malware but i found this web page https://easyremovalguide.com/nosu-file-virus-removal-guide/ have you guys try some of those softwares offered on that webpage that promise unencrypt all your files? are they safe? 

If someone has the same type of ransomware like me, let me know please.

Share this post


Link to post
Share on other sites

Attach a ransom note and several encrypted files to your message. Do not change anything.

The site you specify is web spam and cannot be considered a reliable source of information.

You write about two different extensions that differ by one letter - nose and nosu. 

Share this post


Link to post
Share on other sites

I am attaching a file pair below pleasee help me out

It is .Nosu extension

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-Oc0xgfzC7q
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

Modules and questions.pdf.nosu Modules and questions.pdf

Share this post


Link to post
Share on other sites

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

  

12 hours ago, NKK said:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

@NKK

@Pree

@Angel_Granado

Need a full ID from your ransom note. We won’t be able to tell you anything without this.

Share this post


Link to post
Share on other sites

Thanks for the reply 

This is my Id 0197nTsddDIwEtpIK6kgFIcX2WF5PL9Sluk6KBxQRzL7PUDOm

Please tell me is it offline or online !!!

Share this post


Link to post
Share on other sites

@Angel_Granado

@NKK

@Mavincenzi

@Pree

If the extortionists did not change the details (most likely - no, did not change), then the new samples with offline ID, like last year’s, should end with t1.

You have suffered from an international ransomware called "STOP Ransomware". 
Previously,  could decrypt files using a "STOP-Djvu Decrypter".

Then it was redesigned and a new "Emsisoft STOP Decryptor" was created on its basis.

This link contains detailed instructions and a link to download the Emsisoft STOP Decryptor. But he is not yet configured to decrypt files after the attack of new variants with .kodc and .nosu extensions.

Share this post


Link to post
Share on other sites
24 minutes ago, Amigo-A said:

@Angel_Granado

@NKK

@Mavincenzi

@Pree

If the extortionists did not change the details (most likely - no, did not change), then the new samples with offline ID, like last year’s, should end with t1.

You have suffered from an international ransomware called "STOP Ransomware". 
Previously,  could decrypt files using a "STOP-Djvu Decrypter".

Then it was redesigned and a new "Emsisoft STOP Decryptor" was created on its basis.

This link contains detailed instructions and a link to download the Emsisoft STOP Decryptor. But he is not yet configured to decrypt files after the attack of new variants with .kodc and .nosu extensions.

Ty, I'll keep the files for while. It is only some movies, pictures and MP3 songs, nothing critical.
This information could be useful someway. The infection happened two days ago, when I tried to install a software from a torrent. I've two partitions on my computer c:/ and d:/, the sofware was download on D:, but installed on c:/. Only the partition d:/ was affected by this.

Share this post


Link to post
Share on other sites
15 hours ago, NKK said:

This is my Id 0197nTsddDIwEtpIK6kgFIcX2WF5PL9Sluk6KBxQRzL7PUDOm

This is an online ID.

 

15 hours ago, Mavincenzi said:

Looks like I was victim too. :(

Your ransom note contains an online ID.

Share this post


Link to post
Share on other sites

@NKK

Quote

 

Thanks !!

Would I be able to recover my files by any chance ?

I just want to let you know that this malware had created a text mssg  in all folders of my system. Will it indicates that ID is offline ? I have read it some where, but I am not sure !!

 

The report system is not for making replies.  Further abuse of the of the report system will result in a formal warning.

Regardless of what you may or may not have read somewhere online, the presence of ransom notes all over the file system is not an indicator of the ID being an Offline ID.  It is just what ransomware does.

Your Personal ID of 0197nTsddDIwEtpIK6kgFIcX2WF5PL9Sluk6KBxQRzL7PUDOm  is an Online ID and as such our tool is incapable of decrypting your files.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.