jrozasv

Alka & Repp files corrupted - My Thesis is gone :(

Recommended Posts

Hello everyone, i just got infected by a ransomware (Alka & Repp) and all my files are infected. Sadly my Thesis is there and I don't have a up to date backup. I tried using the Decryption and i got this message:

Starting...

File: E:\Test\214-Texto del artículo-845-1-10-20150603.pdf.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\339198347-Navidad-Negra-Cumbia-Jose-Barros.pdf.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\378263621-El-Alegre-Pescador.pdf.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\art07.pdf.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\Escritura.jpg.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\HORARIO FLAVIA 2019.xlsx.docx.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\Los ríos pueden considerarse como jerárquicos.docx.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: E:\Test\Metodología HSMS.docx.alka
No key for New Variant offline ID: j4mSCzF3yhC0DJadRCZ4LxftIh8CY8isHUYeuYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

Finished!
 

Is there any hope??

 

Thank you,

Share this post


Link to post
Share on other sites

Hello @jrozasv,

 

Welcome to the Emsisoft Support Forums.

 

Though those are offline IDs our decryption tool cannot decrypt your files as we are not in possession of the decryption key that matches your offline ID.

Share this post


Link to post
Share on other sites

It's always possible.  We added two offline keys over the weekend.  It really depends on whether our not we are given the key by someone who has paid the ransom.

Share this post


Link to post
Share on other sites
7 hours ago, jrozasv said:

Thank you @Kevin Zoll. Is there any chance that you could get a key or it's obtainable only by paying to the criminals?

Private keys for offline ID's can be found after a victim with an offline ID pays the ransom and donates the decrypter to us. Once that happens for a particular variant, we add the private key to our database for the decrypter to use.

Just run the decrypter once every week or two in order to see when we've added the private key for your variant.

Share this post


Link to post
Share on other sites

Hi @GT500, one question. I want to move al the infected files to an external drive so i can enable my PC again without any corrupted file, basically format it. When i move the files one windows pop up saying that the file might lose some properties when moving it, does it mean that I won't be able to decrypt it in the future? should i just keep all the files in the original location and just buy another hard drive?

I hope I explained myself well enough.

Greetings

Share this post


Link to post
Share on other sites
3 hours ago, jrozasv said:

How can i donate to you??! What can i buy from you in order to keep my PC safe?

We do not accept donations for our work.  If you wish to purchase Emsisoft Anti-Malware a link is in my signature.

3 hours ago, jrozasv said:

@Kevin Zoll can i run 2 instances of the decryptor?

You can run the decrypter as many times as needed.  However, if there is no key for the files it will not be able to decrypt those files.

Share this post


Link to post
Share on other sites

@jrozasv

The Emsisoft Decryptor has been updated to your version with .alka extension. 
Try the Decryptor again
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu 

If you still have an early version in your downloads, then delete it so as not to confuse the files.

Report the results.

 

  • Like 1

Share this post


Link to post
Share on other sites
On 2/5/2020 at 4:56 AM, Kevin Zoll said:

Hello @jrozasv,

 

Welcome to the Emsisoft Support Forums.

 

Though those are offline IDs our decryption tool cannot decrypt your files as we are not in possession of the decryption key that matches your offline ID.

and what of online?

 

Share this post


Link to post
Share on other sites

File: E:\DCIM\147ND750\_DSC6659.JPG.alka
No key for New Variant online ID: FPzMdPDBjct5c2eOceWLQuJY4HG400OqJGcuTHtY
Notice: this ID appears to be an online ID, decryption is impossible

Share this post


Link to post
Share on other sites
14 hours ago, yogesh said:

what for online encryption?

There's nothing that can be done for online ID's. We'd have to have the private keys, and only the criminals who made/distributed the ransomware have those.

 

13 hours ago, AllMyPhoto said:

File: E:\DCIM\147ND750\_DSC6659.JPG.alka
No key for New Variant online ID: FPzMdPDBjct5c2eOceWLQuJY4HG400OqJGcuTHtY
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
On 2/6/2020 at 2:29 AM, Kevin Zoll said:

@guri @jrozasv  We recently added offline keys for ALKA and REPP.  Run the STOPdjvu decrypter again.

@Kevin Zoll, My data is corrupted by alka ransomware..

I have tried several times using STOP djvu decryptor.

Bu, It can't decrypt my file..
I really hope you can help me get my files back.

 

Best regards

ElangDigital

eror alka.jpg
Download Image

Share this post


Link to post
Share on other sites
1 hour ago, ElangDigital said:

I have tried several times using STOP djvu decryptor.

Bu, It can't decrypt my file..

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

Share this post


Link to post
Share on other sites
4 hours ago, Juroan24 said:

@Kevin Zoll @GT500

Just tried using STOP djvu decryptor a while ago and my files were successfully decrypted. Thank you so much Emsisoft Team. 😭

Awesome. We're always glad to hear that. 👍

  • Like 1

Share this post


Link to post
Share on other sites
9 hours ago, milad said:

my files were successfully decrypted,thank you so much.

Awesome. We're always glad to hear that. 👍

  • Like 1

Share this post


Link to post
Share on other sites
8 hours ago, Ninja said:

hello my file format to change alka with online id how to fix that

This isn't something that can be "fixed". You need a private key to decrypt your files, however since you have an online ID it means that only the criminals have the private key that can be used to decrypt your files.

Share this post


Link to post
Share on other sites

Hello Masters.

Unfortunately I got infected by alka ransomware. I have tried stop-djvu but it has problem

 


File: C:\Users\Ali\Desktop\picture.JPG.alka
No key for New Variant online ID: DIFj95c5Exr7CAfSiTAAatCwKjEMiqgEaoMCD23B
Notice: this ID appears to be an online ID, decryption is impossible

 

please Help me

 

Thanks in advance

Share this post


Link to post
Share on other sites
On 4/4/2020 at 11:11 AM, AG1986 said:

No key for New Variant online ID: DIFj95c5Exr7CAfSiTAAatCwKjEMiqgEaoMCD23B
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Unfortunately, I had to send BTC to the hackers wallet. 

Alka ransomeware hacker wallet addresses 

15FC7nBqvg6LpdoDMg8mDne3EnkZj6YNyL

 

12kG3fgGF8Gc8QoxK81dv5utXQsrtN8djA

 

13LC7bmi5qL6Utt4r2Qoi9NQindNyYQwxn

 

I have new key. How can I send you the new private key? I don't want anybody to send money to this hacker.

 

Share this post


Link to post
Share on other sites
On 4/9/2020 at 4:11 AM, AG1986 said:

I have new key. How can I send you the new private key? I don't want anybody to send money to this hacker.

Upload the decrypter they sent you to VirusTotal and post the link to the analysis here. We can download files from VirusTotal.

You can also use a file sharing service like Google Drive, Microsoft OneDrive, etc. to upload the decrypter they sent you and then send the download link to me in a private message.

If the files are small enough, then you can ZIP them and attach them to a reply to this topic or attach them to a private message. Note that some people experience errors when attaching files, so this method may not work for everyone.

Share this post


Link to post
Share on other sites

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-glN3dXaDLr
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0204asdoeoOOdfXxfM6BWV8OFZgn45WwHhlWdQl5xjeAlvqqKrXopw

I HAVE THIS MESSAGE IN README AND IT LOOKS LIKE ONLINE ID RIGHT ?
I REALLY NEEEED TO DECRYPT MY FILES AS SOON AS I CAN BECAUSE IT'S A DIPLOMATIC WORK FILES FOR SOME COMMITTEE AND IT'S A BIG BIG PROBLEM ACTUALLY I DON'T KNOW WHAT TO DO !!!
CAN YOU PLEASE GIVE ME A HAND IN THIS PROBLEM ? I KNOW IT'S A PROBLEM FOR EVERYBODY NOT ONLY ME BUT IT'S VERY HARD TO LOSE THIS DATA FOREVER AND I CANT FIND ANY WAY TO DECRYPT THE FILES .. THE FORMAT IS .ALKA 
PLEASE REPLY ME WITH ANY HOPE 

Share this post


Link to post
Share on other sites
On 4/9/2020 at 3:11 PM, AG1986 said:

Unfortunately, I had to send BTC to the hackers wallet. 

Alka ransomeware hacker wallet addresses 

15FC7nBqvg6LpdoDMg8mDne3EnkZj6YNyL

 

12kG3fgGF8Gc8QoxK81dv5utXQsrtN8djA

 

13LC7bmi5qL6Utt4r2Qoi9NQindNyYQwxn

 

I have new key. How can I send you the new private key? I don't want anybody to send money to this hacker.

 

Hopefully the key is useful for many people. And may your kindness
 be repaid by God

Share this post


Link to post
Share on other sites
17 hours ago, alaaeldindoaa said:

Your personal ID:
0204asdoeoOOdfXxfM6BWV8OFZgn45WwHhlWdQl5xjeAlvqqKrXopw

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.