
New Variant offline ID



22 hours ago, Amigo-A said:

Hello.

This is not a software error/bug. This is how the 'Emsisoft Decryptor' reports what it has found.
---
You have been attacked by the newest variant of 'STOP Ransomware'.
The decryption key has not yet been received for this variant.
Adding the key to the 'Emsisoft Decryptor' depends on the voluntary transfer of the purchased key by one of the victims.

Dear,
Thanks a lot for your explanation.
I'll be waiting for your notification and support once you can receive the key from the voluntary.


2 hours ago, Khalid said:

I'll be waiting for your notification

I will not be able to inform you personally because a lot of people (many hundreds of thousands!) have suffered from this ransomware for 3.5 years of activity.
You need to download the Decryptor again and check it once a day of the 2-3 week. 


That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019.

Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.


17 hours ago, Thiago Luis said:

offline ID: ppmn5q6DzrybvhIkCuuqaearFxJ8Rc3difSaWft1

Hello @Thiago Luis

Good, you have an offline ID. 

But we cannot predict when someone will share the purchased key with the 'Emsisoft Decryptor' developers. Its addition to Decryptor depends on the voluntary transfer of the key so that other victims can decrypt the files without paying a ransom.
The encrypted files need to be saved to an external drive to prevent encryption from being repeated by another ransomware attack.

---

If the files are needed urgently and you can't wait until it becomes possible to decrypt all the files ...

 

If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp 

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.


If you still have questions and need more information, then you can read this Guide. It seems that all the information on decryption is collected there.

 
Please note that Emsisoft provides this decryption service for free and as soon as it becomes possible to update the Decryptor and add new keys, it is done without delay.


I think the following information will be useful to you.

This 'STOP Ransomware' enters the PC due to the fact that it is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect your PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If you used comprehensive protection of the 'Internet Security' class, then it would help protect your PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.
Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/


  • 4 weeks later...

Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.

Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.


Adding the decryption key to the Emsisoft Decryptor depends on the voluntary transfer of the key by someone who paid the ransom. When this will be done, no one can predict. Therefore, the wait may drag on indefinitely.

---

Only after neutralizing all malicious files ...

I recommend the following method only when there is no other way. You decide what action to take.

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.


19 hours ago, Long Hoàng said:

Hi Emsisoft, can I ask is there any decrypt that can open?

Thanks a lot

Error: No key for New Variant offline ID: CatwRkqdYh2Jomn6DqwFoGgcSbDsle1xlE1NPtt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

PĐH 001-21-CTY - SHOWROOM.xlsx.moqs [Unavailable]

Hello Long, it seems that I have the same offline ID as you. Just got the malware last night. Any news about how we can get this through? Thanks a lot


9 hours ago, Amigo-A said:

Adding the decryption key to the Emsisoft Decryptor depends on the voluntary transfer of the key by someone who paid the ransom. When this will be done, no one can predict. Therefore, the wait may drag on indefinitely.

---

Only after neutralizing all malicious files ...

I recommend the following method only when there is no other way. You decide what action to take.

This is not decryption, but the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse.

An alternative method for other files has not yet been found.

Thanks a lot Emsisoft, I'll follow the quote u sent, and wait, hope Emsisoft will add variants soon.


1 hour ago, alexandru prepelita said:

Hello Long, it seems that I have the same offline ID as you. Just got the malware last night. Any news about how we can get this through? Thanks a lot

I don't have a solution for this at the moment, I hope u can help if there is any other information. Don't trust any other unorthodox information, they are all scams. (via Instagram) Thanks a lot


Hi,

Infected by .neer.. so after I remove the viruses I run the program and

I got this message in log section:

Error: No key for New Variant online ID: 4TqdjZ4tpubABp9ra3ZfYiCxI9EgGw0b60oCJIn1
Notice: this ID appears to be an online ID, decryption is impossible
 

Kindly help me.


Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect the PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.

Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.


Only after neutralizing all malicious files ...

I recommend the following method only when there is no other way. You decide what action to take.

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.
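
The archive step (1) from the posts above, as an added Python example that is not part of the original thread or Emsisoft's tooling: it works on a copy of an encrypted ZIP with the appended extension removed, extracts the members that still pass their header and CRC checks, and lists the damaged ones. The function names, the ZIP-only scope and the constructed sample (first 64 bytes overwritten as a stand-in for damage at the start of the file) are assumptions; `.moqs` is the extension seen earlier in this thread.

```python
import shutil
import tempfile
import zipfile
import zlib
from pathlib import Path


def recover_archive(encrypted: Path, added_ext: str, out_dir: Path):
    """Copy the archive without the added extension, then extract every
    member that still reads cleanly. Returns (recovered, damaged) names."""
    if not added_ext or not encrypted.name.endswith(added_ext):
        raise ValueError(f"{encrypted.name} does not end with {added_ext!r}")
    out_dir.mkdir(parents=True, exist_ok=True)
    work = out_dir / encrypted.name[: -len(added_ext)]
    shutil.copy2(encrypted, work)  # the encrypted original is never touched
    recovered, damaged = [], []
    # The ZIP index sits at the end of the file; if it is damaged too,
    # ZipFile() raises BadZipFile and nothing can be extracted this way.
    with zipfile.ZipFile(work) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                zf.read(info)  # raises if the header or data is damaged
            except (zipfile.BadZipFile, zlib.error):
                damaged.append(info.filename)
                continue
            zf.extract(info, out_dir / "extracted")  # sanitises member paths
            recovered.append(info.filename)
    return recovered, damaged


def make_constructed_sample(folder: Path, added_ext: str = ".moqs") -> Path:
    """Constructed input (assumption): a 3-member ZIP with its first 64 bytes
    overwritten, standing in for damage at the start of the file."""
    sample = folder / ("docs.zip" + added_ext)
    with zipfile.ZipFile(sample, "w", zipfile.ZIP_STORED) as zf:
        for name in ("a.txt", "b.txt", "c.txt"):
            zf.writestr(name, (name + " contents\n") * 20)
    blob = bytearray(sample.read_bytes())
    blob[:64] = b"\xaa" * 64
    sample.write_bytes(blob)
    return sample


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = make_constructed_sample(Path(tmp))
        ok, bad = recover_archive(sample, ".moqs", Path(tmp) / "recovered")
        print("recovered:", ok, "damaged:", bad)
```

Members reported as damaged stay unrecoverable until a key for the ID is added to the Decryptor, so the untouched encrypted original should be kept.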


This topic is now closed to further replies.