Mavincenzi 0 Report post Posted January 20 Hi guys, I was victim from this threat yesterday, looks like I've an offline ID, since all my files (.nosu) got a copy of a _readme text file with the default threat text. My Personal ID is: 0197nTsddtILma34zZGXbDA6Ml7mOe2NwGX3EIFGZmWHWSiyI What should I do? Can you guys help me? _readme.txt Quote Share this post Link to post Share on other sites
Kevin Zoll 307 Report post Posted January 20 Hello , Thank you for contacting Emsisoft Support. The ID you supplied is an online ID, meaning that the files cannot be decrypted. An online ID means that your encryption key was generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. There is more information available at the following link: Quote Share this post Link to post Share on other sites
Mavincenzi 0 Report post Posted January 20 Is it possible to do something with the encrypted file and its original file to help? Like a reverse engineering? Quote Share this post Link to post Share on other sites
Kevin Zoll 307 Report post Posted January 20 No it is not feasible to reverse engineer the encryption key. Even if we had the world's most powerful super computer at our disposal it would not be able to crack the encryption algorithm anytime in the next couple hundred thousand years. Quote Share this post Link to post Share on other sites
