Joeger

I need decryptor .repp extension


 
Friends, a week ago a ransomware infected my PC, including my personal files thumb drive.
I formatted the PC.
The file extension is .repp. How can I decrypt these files?
Can you help me, please?

.repp extension files.

 

mede.txt.repp


This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

On 2/12/2020 at 3:23 AM, Amigo-A said:

Attach _readme.txt file to your message.

This is _readme.txt:

=================

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-glN3dXaDLr
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0203asdoeoOOdf7SHLfaVOap42WtS5vtmsh1hmzkb7iJ4eBQNUviQx

=====================

Friends,

When I saw you talking about "offline" and "online" ID without me understanding what this meant, I tried to search and found some references in this forum stating that the IDs that end in "t1" are offline and the others are online.
However, a video that brought me to this forum was from a Brazilian who after having the same problem in August 2019 however with another type of encryption extension showing readme.txt where the personal ID does not end with "t1" and yes with "sandpaper". She used Emsisoft's software and it worked. This contradicts the information I saw and it is worth trying.

This is the video: https://www.youtube.com/watch?v=ZvKUbVACbII

Please try to help me even so.

_readme.txt

10 hours ago, Joeger said:

Your personal ID:
0203asdoeoOOdf7SHLfaVOap42WtS5vtmsh1hmzkb7iJ4eBQNUviQx

As @Demonslay335 already mentioned, this is an online ID, so decryption is currently impossible.

On 2/12/2020 at 5:56 AM, GT500 said:

Wanting to persist in a solution, someone saw the video that I posted the link, how do they explain that the key that the person had worked?


@Joeger

Just because it is an offline key does not mean it is decryptable.  Every ID has a decryption key.  If we do not have the decryption key for your files in our database, then it is not possible to decrypt the files.

8 hours ago, Joeger said:

Wanting to persist in a solution, someone saw the video that I posted the link, how do they explain that the key that the person had worked?

The files in the video were encrypted by an older variant of STOP/Djvu, and it is possible to decrypt those with a little extra effort. Newer variants (such as .repp) use RSA keys, which we can't break, and thus decryption is impossible without first obtaining the private key.


Taking comparative logic into account, for example, would the following circumstance be possible:
Take an encrypted "A" file and another "B" file exactly the same without encryption, then make "B" arrive at "A" and thereby obtain the sequencing logic or the key?


No... that's called a plaintext attack, and is not possible with New Djvu. Every file is encrypted with a unique (securely generated) Salsa20 key, which is then protected by RSA. Feel free to look up the feasibility of breaking the Salsa20 algorithm (yes, the malware properly uses all 20 rounds) or RSA-2048.

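The point made in the reply above, as an added Python illustration (not part of the original posts, and not code from Emsisoft or from the malware): with a unique Salsa20 key per file, a known plaintext/ciphertext pair yields only that one file's keystream, which is useless against any other file. Assumptions: the file contents are constructed samples, the nonce is fixed at zero, and the RSA wrapping of the per-file keys is left out.

```python
import os
import struct

MASK = 0xFFFFFFFF
SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # b"expand 32-byte k"
DOUBLE_ROUND = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),  # columns
                (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))  # rows

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter_round(x, a, b, c, d):
    x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)
    x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
    x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
    x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)

def salsa20_block(key, nonce, counter):
    """64-byte keystream block: 32-byte key, 8-byte nonce, all 20 rounds."""
    k, n = struct.unpack("<8I", key), struct.unpack("<2I", nonce)
    init = [SIGMA[0], *k[:4], SIGMA[1], *n, counter & MASK, counter >> 32,
            SIGMA[2], *k[4:], SIGMA[3]]
    x = list(init)
    for _ in range(10):                      # 10 double rounds = 20 rounds
        for idx in DOUBLE_ROUND:
            _quarter_round(x, *idx)
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(x, init)))

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def salsa20_xor(key, nonce, data):
    blocks = (len(data) + 63) // 64          # encrypt and decrypt are the same XOR
    stream = b"".join(salsa20_block(key, nonce, i) for i in range(blocks))
    return xor(data, stream)

def known_plaintext_demo():
    nonce = bytes(8)                                   # assumption: fixed nonce
    file_a = b"constructed file A: a clean copy survives in a backup".ljust(80, b".")
    file_b = b"constructed file B: no clean copy exists anywhere".ljust(80, b".")
    key_a, key_b = os.urandom(32), os.urandom(32)      # unique random key per file
    ct_a = salsa20_xor(key_a, nonce, file_a)
    ct_b = salsa20_xor(key_b, nonce, file_b)
    stream_a = xor(file_a, ct_a)     # everything the known pair gives: A's keystream
    return {
        "pair_decrypts_a": xor(ct_a, stream_a) == file_a,       # already had A
        "pair_decrypts_b": xor(ct_b, stream_a) == file_b,       # different key: fails
        "key_b_decrypts_b": salsa20_xor(key_b, nonce, ct_b) == file_b,
    }
```

Only file B's own key recovers file B, and in the scheme described above that key is available only to whoever holds the RSA private key.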
On 2/15/2020 at 5:05 PM, Joeger said:

Taking comparative logic into account, for example, would the following circumstance be possible:
Take an encrypted "A" file and another "B" file exactly the same without encryption, then make "B" arrive at "A" and thereby obtain the sequencing logic or the key?

Our team members who analyze ransomware and work on decrypters have studied cryptography, and have a good working knowledge of what types of attacks do and do not work against various forms of encryption. If there were an easy way to get your files back, then they would implement it in our decrypter.


I sincerely thank you for your comments, I will be saving the thumb drive in order to get it back.
Finally I spent a whole week trying to recover shadow and deleted files, certain that the virus had to create a new file to delete the old file. It was possible to find almost everyone and they didn't have the "repp" extension but they were all corrupted.
What remains for me to do is hope about what my friend "Emsisoft Support" said. Thank you very much.


Many ransomwares will attempt to securely erase original copies of files after they have encrypted them in order to prevent recovery, and they will almost always clear the shadow copies as well.
