Jump to content

No key for New Variant online ID


Recommended Posts

Quote

 

Hello ,

 

Welcome to the Emsisoft Support Forums.

 

I understand it is frustrating, but currently, we cannot decrypt files that we do not have the Private Encryption Key in our Database.

 

There's the possibility that law enforcement may be able to catch the criminals and release their database of private keys, meaning that you could try again using tool in few weeks in case something changed.

 

We do not recommend paying the ransom unless there is absolutely no other choice. 22% of those who paid a ransom never got access to their data. 9% said they got hit with additional ransom demands after paying. We’re talking about criminals, after all.

 

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

 

Please review our Protection Guides at your leisure, they contain several tips on protecting your computer and data.

 

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

 

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

 

Please consider subscribing to a reliable anti-malware application to avoid similar issues in the future.

 

You can get our full version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/pricing/

 

I know it’s a big loss for you. We are glad to offer this service for free and help as much as we can, but there is not always an immediate resolution for all the cases.

 

 

The question there is is there a chance this gonna fixed real soon :( ? Everytime i saw these encrypted files it makes me depressed :( . I hate to say, I would go through these unbelievable mood swings ... I never attempted suicide, but I have had suicidal thoughts ... The biggest challenge is there are many days I feel like a douche. Anyway I'm sure there is a hope....

Link to comment
Share on other sites

3 hours ago, Kevin Zoll said:

See this post by Amigo-A

A new version:

Only after neutralizing all malicious files ...

I recommend this following method only when there is no other way...

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the encryptor. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on the stone than one created in MS Office.

An alternative method for other files has not yet been found.

Link to comment
Share on other sites

Quote

 

A new version:

Only after neutralizing all malicious files ...

I recommend this following method only when there is no other way...

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the encryptor. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on the stone than one created in MS Office.

An alternative method for other files has not yet been found.

 

 

I guess i'll have to wait in case if there's a update :rolleyes:. Tnx :D!

Link to comment
Share on other sites

@Jorge MirandaOur recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

 

Please review our Protection Guides at your leisure, they contain several tips on protecting your computer and data.

 

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

 

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

  • Like 1
Link to comment
Share on other sites

Hello @diancoxz,

 

Welcome to the Emsisoft Support Forums.
 

I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with Online-ID and some recent forms of STOP(DJVU).

 

Please read this Topic. It contains information about your situation and whether or not your files can be decrypted.

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  • Like 1
Link to comment
Share on other sites

-----BEGIN PRIVATE KEY-----

MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC3o1EdFgHqpSNB

LWoTeHUvhHfQFE+NPBSpwP4t2B90ifXU/iPa1BpXC6UWXKGG/r9C+PYMTTGH0uoU

fHa+D91iRuwt3s0V3IPelqlpb4DCAScveYrUBHNNgufV5UsHFiKI2XUfWDkJoCDj

7nth9wcG2/vwHG7YVYEMPnWZZDlS7afMgAFQ8T5TwIEtNrDfLPiKnwHjvtv6+rJR

HD3ODQJWwDkLDApp6UN3V/K0vxEZ5GK5ebcBJOdrUgMQJRTtT3v2Ffval/mEvKXv

rtnWP8rf6cDJh5D3VPMbjumpb3Mon07kWOJGFDOk3r7awNTMp/TQZfdsCpDOATX2

4vdy67+hAgMBAAECggEAHU83twi4LZdF1TVGZO0o5vihlthnCge41I81AmQoQRVz

4xbc6iRIP/Rf2P3X2g/2vt21h6kaaq9DJRnoadVmZDUlpPyWhxK3CWPKjkV5q307

n9wqSESdkpV+IymBnBPwVx8+Dk6qa9re5QI/NxeSS4n44A3psyWSfz3Izz6r14xJ

jyrIjMm0m0jkStBGPStHTsmqcUAXxZibaeNwTFTIp9wiARnDv4mpWm8an8XiHoIq

nGCQvZgOQMjzJpSOiCROE8f6NX12PaYVmcsFYZGLBvNAKWbMrAuT6UgrGqFKWkGF

9AEbjEqXWhbZZ6H3xb33LoWLW5GdY8yBBc1GJwDTMQKBgQDmwIca3RTT5Mz3605F

XThttCY5wrSu73BrUWemJ1rEJm32G6uEQYlSYe4EG2evZT5di3M+x+kt8e8Ox3A/

9UntKInFqIs1+6NIA0tmHHMjqTiRn7aJZpE7kCnF+lSlAPFGy6wPNSfFfiX2dWmV

kHkE4S+l3TnGMzfoFxikpz7/ewKBgQDLuxnl+T0zlkTmEh7TJRyrF9fPNENrqFyI

65EZqeZ+4fwRE0+RMCwI3sa2VfnYDaEyJmjUGIQr/idvQPrNBahnWTIyJVTSiRdU

VR9vHDZE6cmVDtKLjv8LIJZ4S9PnbGgHw+tkNnarUfA0acLyr9rSQoEp4ef4MJ6y

8fFipelkkwKBgQCrGalUhwgRkn9VebpA/r1/wuvxOmmlqU+vk94KOvY3qdMxgRTt

7XZ4irrlerioOqdCz8s1iyBg/Brp14JpOmWFn+CAmtgWwC8zj5XR8liB4dFbUZUV

TuNzyhLfhR5Md2VwvEcpw51o+IAHvsn6p/TEZIFjOKXFTGcxBic0t/qjjwKBgQCm

KoO0E/Y79itZ75ueoZ1hWwAVK052J4rZzjC52t55zL33+2UhSUYRMgqnOzadZnh8

W+GSZDChZRkq37fvstao/JI5XkNxuIkDqq4JxNvqlzhoT/+f/lC89aZklYxPLBcp

hj2ereFaWGlvhneP06jJZ57L10qJHrbBwx4bVLEo6wKBgQClA42b6Oe4NSmzA/PD

0ymVUIkGAZ+QtHVQwkHlmlPLvDUUwrLITz7pf4eTziKbpW+Cbzwx0iIQcMWWml+L

GZUVGj47B3r5qsae5tjmvydLjzi4rT5tyW1R88sxy9FT7XIkNWgto9KfgomOQobO

A+wX+ZkqmWsnZ+xE4hBlZY7Bow==

-----END PRIVATE KEY-----

 

i contract with a friend and he unlock all my locked files (all my files had .orkf) so try to add this key to your database for others files

  • Like 2
Link to comment
Share on other sites

On 9/5/2021 at 4:41 PM, LazarosPG1 said:

-----BEGIN PRIVATE KEY-----

MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC3o1EdFgHqpSNB

LWoTeHUvhHfQFE+NPBSpwP4t2B90ifXU/iPa1BpXC6UWXKGG/r9C+PYMTTGH0uoU

fHa+D91iRuwt3s0V3IPelqlpb4DCAScveYrUBHNNgufV5UsHFiKI2XUfWDkJoCDj

7nth9wcG2/vwHG7YVYEMPnWZZDlS7afMgAFQ8T5TwIEtNrDfLPiKnwHjvtv6+rJR

HD3ODQJWwDkLDApp6UN3V/K0vxEZ5GK5ebcBJOdrUgMQJRTtT3v2Ffval/mEvKXv

rtnWP8rf6cDJh5D3VPMbjumpb3Mon07kWOJGFDOk3r7awNTMp/TQZfdsCpDOATX2

4vdy67+hAgMBAAECggEAHU83twi4LZdF1TVGZO0o5vihlthnCge41I81AmQoQRVz

4xbc6iRIP/Rf2P3X2g/2vt21h6kaaq9DJRnoadVmZDUlpPyWhxK3CWPKjkV5q307

n9wqSESdkpV+IymBnBPwVx8+Dk6qa9re5QI/NxeSS4n44A3psyWSfz3Izz6r14xJ

jyrIjMm0m0jkStBGPStHTsmqcUAXxZibaeNwTFTIp9wiARnDv4mpWm8an8XiHoIq

nGCQvZgOQMjzJpSOiCROE8f6NX12PaYVmcsFYZGLBvNAKWbMrAuT6UgrGqFKWkGF

9AEbjEqXWhbZZ6H3xb33LoWLW5GdY8yBBc1GJwDTMQKBgQDmwIca3RTT5Mz3605F

XThttCY5wrSu73BrUWemJ1rEJm32G6uEQYlSYe4EG2evZT5di3M+x+kt8e8Ox3A/

9UntKInFqIs1+6NIA0tmHHMjqTiRn7aJZpE7kCnF+lSlAPFGy6wPNSfFfiX2dWmV

kHkE4S+l3TnGMzfoFxikpz7/ewKBgQDLuxnl+T0zlkTmEh7TJRyrF9fPNENrqFyI

65EZqeZ+4fwRE0+RMCwI3sa2VfnYDaEyJmjUGIQr/idvQPrNBahnWTIyJVTSiRdU

VR9vHDZE6cmVDtKLjv8LIJZ4S9PnbGgHw+tkNnarUfA0acLyr9rSQoEp4ef4MJ6y

8fFipelkkwKBgQCrGalUhwgRkn9VebpA/r1/wuvxOmmlqU+vk94KOvY3qdMxgRTt

7XZ4irrlerioOqdCz8s1iyBg/Brp14JpOmWFn+CAmtgWwC8zj5XR8liB4dFbUZUV

TuNzyhLfhR5Md2VwvEcpw51o+IAHvsn6p/TEZIFjOKXFTGcxBic0t/qjjwKBgQCm

KoO0E/Y79itZ75ueoZ1hWwAVK052J4rZzjC52t55zL33+2UhSUYRMgqnOzadZnh8

W+GSZDChZRkq37fvstao/JI5XkNxuIkDqq4JxNvqlzhoT/+f/lC89aZklYxPLBcp

hj2ereFaWGlvhneP06jJZ57L10qJHrbBwx4bVLEo6wKBgQClA42b6Oe4NSmzA/PD

0ymVUIkGAZ+QtHVQwkHlmlPLvDUUwrLITz7pf4eTziKbpW+Cbzwx0iIQcMWWml+L

GZUVGj47B3r5qsae5tjmvydLjzi4rT5tyW1R88sxy9FT7XIkNWgto9KfgomOQobO

A+wX+ZkqmWsnZ+xE4hBlZY7Bow==

-----END PRIVATE KEY-----

 

i contract with a friend and he unlock all my locked files (all my files had .orkf) so try to add this key to your database for others files

Is this work to decrypt the online ID? 

Anyone try this before?

  • Like 1
Link to comment
Share on other sites

On 9/10/2021 at 12:20 AM, Kevin Zoll said:

Online ID Private Encryption keys are unique,  Meaning one Private Key for each Online ID.  You cannot use someone else's Online ID Private Key or an Offline ID Private Key to decrypt your files that have an Online ID.

*sigh -_-, oh boy this is gonna be a long waiting game for me <_<. But i don't care, i love it :D. You have my support guys at Emsisoft, go hunt that SOB who locked my precious files :thumbs:. I might gonna help one of these days :rolleyes:....

 

God speed!

Link to comment
Share on other sites

On 8/25/2021 at 3:04 AM, Amigo-A said:

You have no other way out of the problem.

You do not need to look for ANOTHER Decryptor somewhere, it is not and will not be in the nearest year. All other sites that offer to decrypt files are lying or are colluding with extortionists. 

Why I say this is because I know.
I have been monitoring the malicious activity of this STOP Ransomware for the fourth year now. I know where they are from, who is helping them and where part of the ransom goes. They are well covered and Interpol will not receive a command from above and does not authorize an arrest. 

How do you know who they work for? and why doesn't the police and government take them down and locate the command and control server and release the private keys so people's files are restored? is it possible the cybercriminals are working together with the police? Where are they located? I heard most of them originate from russia. In the meantime, what can we do about our files? because I am thinking of storing encrypted files with .pcqq files into a seperate external hard drive. Should I also place these files in microsoft onedrive? or will the virus spread within onedrive ? Also, should I delete _readme.txt files inside some of the folders? is that supposed to be a virus. When i try to open some of them, there is a message saying I need administrator privilege. One more thing, what exactly should I do with files encrypted with .pcqq files like in a detailed explanation? I have like 6 external hard drives and a box account, onedrive with 2 TB of storage so I have plenty of hardware for backups but exactly how do I proceed with backing up my system, clone my current hard drive using acronis true image? or using any other softwares etc..etc...

  • Like 1
Link to comment
Share on other sites

Because these criminals operate in countries that turn a blind eye to their activities, as long as they do not target systems inside said country.  Until these countries stop providing a safe haven for these criminals to operate from, this is not going to stop any time soon.

  • Upvote 1
Link to comment
Share on other sites

15 minutes ago, Kevin Zoll said:

Because these criminals operate in countries that turn a blind eye to their activities, as long as they do not target systems inside said country.  Until these countries stop providing a safe haven for these criminals to operate from, this is not going to stop any time soon.

What countries do these cybercriminals operate from ? Do the private keys these cybercriminals store in their C&C servers ever get deleted so that ordinary people NEVER get their files back ? What do i do with the .pcqq files i have now ?

Link to comment
Share on other sites

China, Romania, Russia, and Turkey are just 4 such countries.  Criminals don't care about your data, they only care about how big their bank accounts are.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

 

Please review our Protection Guides at your leisure, they contain several tips on protecting your computer and data.

 

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

 

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

  • Like 1
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...