Marcos Antonio

.topi extension ransomware

Recommended Posts

Help, my files are encrypted!

 

Hi, i am infected by .topi ransonware extension, so i remove the virus but the files still encrypted

Keys:

Vol2w7f14OATuVaGnKbXB9gFv0ivyQhSBG8aVy8A

gyTwIW8EFRyrHBHcn0bFVHerzI3NtAa14YK0kst1(OFFLINE KEY)

l7Sw4d0ND3mO4X0kenDa9vk0Rg2XHxtF0CBG21Qa

_readme:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-UdTNsLeiJA
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0200a7d6a8sdal7Sw4d0ND3mO4X0kenDa9vk0Rg2XHxtF0CBG21Qa

 

when i run emisoft decryptor:

File: C:\logs\service_log.txt.topi
No key for New Variant online ID: l7Sw4d0ND3mO4X0kenDa9vk0Rg2XHxtF0CBG21Qa
Notice: this ID appears to be an online ID, decryption is impossible

 

 

Share this post


Link to post
Share on other sites

@Marcos Antonio

If our decryption tool states that the files cannot be decrypted, then they cannot be decrypted.

General Notes With Regards to STOP/DJVU

 

  1. If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted.  That is not an error message.
  2. If your file(s) have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files.  We do not have access to those keys.
  3. If your files(s) have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database.  Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.
  4. Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.
  5. New Variant STOP/DJVU utilizes the RSA encryption algorithm.  RSA is considered a secure encryption method and is unbreakable using current technologies.  It is not reversible, cannot be cracked, and we are not able to generate a decryption key.  So do not send us encrypted files thinking we can recover your decryption key, we can't.

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

Share this post


Link to post
Share on other sites
14 hours ago, Marcos Antonio said:

Keys:

Vol2w7f14OATuVaGnKbXB9gFv0ivyQhSBG8aVy8A

gyTwIW8EFRyrHBHcn0bFVHerzI3NtAa14YK0kst1(OFFLINE KEY)

l7Sw4d0ND3mO4X0kenDa9vk0Rg2XHxtF0CBG21Qa

FYI: These aren't keys, they're ID's. They act to identify what public and private keys were generated for your files.

Share this post


Link to post
Share on other sites

Hello, 

I read all paper written by author and emsisoft team that this time TOPI ransomware encrypted by online key that can not be retrieve from present technology  .

so, My question is that they is no hope for recover the important files ?

or 

if they infected or encrypted lot of pc in present time , they any one/ team work on that project or not ? 

Edited by Aamir

Share this post


Link to post
Share on other sites
14 hours ago, Sam walker said:

so, My question is that they is no hope for recover the important files ?

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.