athul

please help to decrypt .KODC virus


My PC is infected with a ransomware virus; all file extensions are .kodc

Please help me to recover my encrypted files.

Is it possible to recover my data?

I have run a scan using antivirus and removed all the viruses, I think. I have attached the scan log to the topic. I have also attached the readme file I found in my drives and one file that got infected.

Please help me recover my files.

_readme.txt 2017-04-15-12-26-45-773.jpg.kodc ScanLog_2020-01-25 [15-16-27].log


@athul

Your personal ID: 0198nTsddS3wnrGHb25jELGAwoOjfGDAONcPEMy6oijuyR0a5

This is an online ID and as such our decryption tool cannot decrypt files that were encrypted using an online ID.


Hello. Recently my PC has been attacked by kodc. Is my ID online or offline? I don't know how to determine whether it is an online or offline ID.

This is my ID given in the readme.txt: 0198nTsddXNb70PPVOBEKhF1dQbPNFMcSEtgmOu6cSJUPIUZR

Hopefully an Emsisoft specialist engineer can come out with a decryptor solution. tq in advance.

 

4 hours ago, land rover said:

Is my ID online or offline? I don't know how to determine whether it is an online or offline ID.

This is my ID given in the readme.txt: 0198nTsddXNb70PPVOBEKhF1dQbPNFMcSEtgmOu6cSJUPIUZR

It's an online ID.

 

4 hours ago, land rover said:

Hopefully an Emsisoft specialist engineer can come out with a decryptor solution.

Unfortunately I don't think there's anything we'll be able to do for online IDs unless we can somehow obtain the database of private keys kept by the criminals who made/distributed the ransomware.

3 hours ago, Sampath said:

My ID is urTsmVYwOVGu92XuFiPELkiLiSZ1ULBc6HmPpO4U

All of these are newer variants of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Just my opinion.

Is there any possibility to hack the criminal server when the virus installer is connected to the server when installing? Because I noticed when I install some of the fake software, the installer does not come as it normally should, but as a different installer with a mask icon (the virus installer). Can the server be detected with special programming software? If it can, can the data kept on that server be seized for decryption purposes? Perhaps the criminals are good at making software, but lacking in hacking skill?

This is only my opinion. tq

On 2/1/2020 at 9:22 AM, land rover said:

Is there any possibility to hack the criminal server when the virus installer is connected to the server when installing?

If it were possible to gain access to the database of private keys, then we'd have already done so, or another group would have.

 

On 2/1/2020 at 9:22 AM, land rover said:

Can the server be detected with special programming software?

We already know the addresses that the ransomware connects to. It's just a matter of reverse engineering the ransomware, and malware analysts are usually trained in how to do that.

 

On 2/1/2020 at 9:22 AM, land rover said:

If it can, can the data kept on that server be seized for decryption purposes?

It is technically possible, as long as the location of the server can be accurately determined, and as long as law enforcement agencies that want to seize the server actually have jurisdiction in the area the server is located in. Sadly, some countries don't care about cyber criminals, especially if they aren't harming any of the citizens in the country they are operating out of.
