SS726529 1 Report post Posted February 19 my all data has been encrypted by .kodc kindly help me i want to recover only pdf files please help me _readme.txt ACFrOgAzLO3xTB874R0I-jiBT_oWvQyEFg6d6fzvrVXZhefWsoxFYvP2Skaw7uM8E_ZxS249YQ-J1fzCVzbx7bQAS1zXZVxL8p4NSM4vkcdkFQtnKcyVHWgiX-0XvV8=.pdf.kodc FIN-TAB-CRTMBSL-27-2019-T2-51338904.pdf.kodc FIN-TAB-SECRHQTM192048-51992754 NAGPUR BEAM.pdf.kodc FIN-TAB-TM20196016-51445329.pdf.kodc OFFER-VISHAL-113345-CRTMBSL-27-2019-T2-51338904.pdf.kodc OUTPUTPDF.pdf.kodc TECH-TAB-CRTMBSL-27-2019-T2-51338904.pdf.kodc TECH-TAB-SECRHQTM192048-51992754.pdf.kodc viewNitPdf_2834171.pdf.kodc viewNitPdf_2981395.pdf.kodc Quote Share this post Link to post Share on other sites
Kevin Zoll 309 Report post Posted February 19 Hello @SS726529, Thank you for contacting Emsisoft Support. KODC is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things. First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup. Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple Ids, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files. Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the KODC variant of STOP/DJVU. General Notes With Regards to STOP/DJVU If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message. If your file(s) have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys. If your files(s) have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key. Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key. New Variant STOP/DJVU utilizes the RSA encryption algorithm. RSA is considered a secure encryption method and is unbreakable using current technologies. It is not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key, we can't. What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool. Quote Share this post Link to post Share on other sites
shashi upadhyay 0 Report post Posted February 20 File: F:\2018\5_May\06_05_18_Melvin_Wanorie\Wdding Photo\D18A9779.JPG.kodc No key for New Variant online ID: gawPpPdQ9NjBw3duHo35lG9IeooBAhatXpUIaCgE Notice: this ID appears to be an online ID, decryption is impossible ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-Oc0xgfzC7q Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0198nTsddgawPpPdQ9NjBw3duHo35lG9IeooBAhatXpUIaCgE Quote Share this post Link to post Share on other sites
GT500 812 Report post Posted February 20 3 hours ago, shashi upadhyay said: Your personal ID: 0198nTsddgawPpPdQ9NjBw3duHo35lG9IeooBAhatXpUIaCgE This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
SS726529 1 Report post Posted March 17 Till now i haven't found any solution instead of paying the money to ransomware gang. Although i have my fills so i will wait for the decryption tool as thees files are important but i'm not going to pay single bit coin. Also i want to pay special Thank's to Emsisoft Support Team for there valuable support. 1 Quote Share this post Link to post Share on other sites
