
this ID appears to be an online ID, decryption is impossible


Ninja Boy

On 4/1/2020 at 10:34 AM, GT500 said:

There's the possibility that law enforcement may be able to catch the criminals or otherwise gain access to their servers and release their database of private keys for use in decrypters. In case this happens I recommend keeping a backup of your encrypted files so that you have them in a safe place.

Hello, I'm also one of the victims of this criminal. And it's still an online ID...

How can we report my ransomware problem to law enforcement? Will it help them to catch the criminals?

This is the online ID

Error: No key for New Variant online ID: aTsUHzKMaO4CxoFqqIhzeDs4k06oHtUvgkZBNPr8
Notice: this ID appears to be an online ID, decryption is impossible


2 hours ago, Giffui said:

How can we report my ransomware problem to law enforcement? Will it help them to catch the criminals?

This ransomware has been attacking users all over the world for 3.5 years. At least 100 thousand victims in different countries. There have already been many statements in different countries. Initially, 'STOP Ransomware' variants were run and distributed from Ukraine; the cybercriminals have good cover and a stable server. For the purpose of deception, the cybercriminals use the Russian language and Russian words written in English letters; domains registered through Russian or foreign registrar companies are also used. The extortionists have accomplices in other countries as well.
Interpol and Europol will not launch an investigation until they receive direction from management. The police will not make arrests until they receive an order from the leadership. None of them will move until they get kicked by the directorate.

There are no high-profile reports from the law enforcement agencies of European countries, Europol and Interpol; apparently, they did not receive any instructions for the search and arrest of the extortionists. There is no hope that they will ever look for them without receiving direction from management, or very few requests from victims to initiate an investigation.

Perhaps it is beneficial to someone, someone to receive a "legal" ransom from the amount of paid ransoms. 


2 hours ago, Giffui said:

Error: No key for New Variant online ID: aTsUHzKMaO4CxoFqqIhzeDs4k06oHtUvgkZBNPr8
Notice: this ID appears to be an online ID, decryption is impossible

In this way, the decryptor reports that it cannot decrypt the files.

Save encrypted files in secure storage, for example, on an external drive and disconnect it from the PC. 

It is possible that in the future there will be a different decryption method or the extortionists will publish decryption keys so that files can be decrypted en masse. 

If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp 

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 


@fareeda You look to have been hit by two separate encryption attacks.

@shiv__papa your ID is an Online ID.

Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred some time ago, before the 29th of August 2019.

 

Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.

 


Hello @fareeda

Hello @shiv__papa

This 'STOP Ransomware' enters the PC due to the fact that it is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect a PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection.

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware.
Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware.
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/


After you scan your PC and clean it of malicious files, you can move on to the next step. 

I recommend this method only when there is no other way, or when the affected user cannot wait long ... You decide what action to take.

If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp 

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found. 


6 hours ago, KrishMate said:

My system id: LTYv5JAYPKU9SqYbMp9sbHbkMoA4JlKc46dTaLt1

Does anyone know the decryptor for this?

Virus name is .leex 

You have an offline ID. WHEN/IF Emsisoft is donated the offline/private key by a victim of this variant who has paid the ransom, you will be able to decrypt your files. 

In the meantime, secure the encrypted files on an external HD for safe-keeping. Run the Emsisoft decrypter on a testbed of encrypted files every week or so to check. Emsisoft doesn't announce donated keys. 
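For keeping track of those periodic re-runs, here is an added example (not Emsisoft's code and not part of the original posts) that groups the `File:` / `Error:` lines of a saved decrypter log by ID. It assumes the log is saved as plain text in the layout quoted in this thread; the "offline" wording of the error line, the sample IDs and the sample paths are constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# "online" is the wording quoted in this thread; "offline" is an assumed parallel form.
ERROR_RE = re.compile(r"^Error: No key for New Variant (online|offline) ID: (\S+)")

# Constructed sample in the File/Error/Notice layout quoted in the thread.
SAMPLE_LOG = r"""
File: C:\Users\demo\Documents\report.docx.qlkm
Error: No key for New Variant online ID: SAMPLEONLINEID0001
Notice: this ID appears to be an online ID, decryption is impossible
File: C:\Users\demo\Pictures\scan.jpg.qlkm
Error: No key for New Variant online ID: SAMPLEONLINEID0001
Notice: this ID appears to be an online ID, decryption is impossible
File: D:\old\notes.txt.leex
Error: No key for New Variant offline ID: SAMPLEOFFLINEID0002
"""


def triage(log_text: str) -> dict:
    """Group undecrypted files by ID: {id: {kind, extensions, files}}."""
    groups = defaultdict(lambda: {"kind": None, "extensions": set(), "files": []})
    current = None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("File: "):
            current = PureWindowsPath(line[len("File: "):])
        elif (m := ERROR_RE.match(line)) and current is not None:
            entry = groups[m.group(2)]
            entry["kind"] = m.group(1)
            entry["extensions"].add(current.suffix.lower())
            entry["files"].append(str(current))
            current = None
    return dict(groups)


def worth_rechecking(groups: dict) -> list:
    """IDs to re-test later: offline IDs, for which a key may be added later."""
    return sorted(i for i, g in groups.items() if g["kind"] == "offline")


def multiple_ids(groups: dict) -> bool:
    """More than one ID in one log: the files were not all encrypted under one key."""
    return len(groups) > 1


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for victim_id, g in result.items():
        print(victim_id, g["kind"], sorted(g["extensions"]), len(g["files"]))
    print("re-check:", worth_rechecking(result), "| multiple IDs:", multiple_ids(result))
```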


  • 2 weeks later...
  • 2 weeks later...

This happened to me some months ago, yet I am still unable to decrypt the files.

Error: No key for New Variant online ID: xasgKb2fJrNDHwMcZJUf1Hrk3ukfBxB5rLf60MQ1
Notice: this ID appears to be an online ID, decryption is impossible

The files are .qlkm

I cannot help but wonder: Is it realistic that a decryptor can be developed in a relatively near future that could fix files encrypted using online keys?


Hello @pavoldanko258

Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect a PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection.

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware.

Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware.
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/


Only after neutralizing all malicious files ...

I recommend the following method only when there is no other way. You decide what action to take.

This is not decryption; it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.


@sas1975

I recommend the following method only when there is no other way. You decide what action to take.

This is not decryption; it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.


File: E:\Recovered data 08-03 10_53_08\Deep Scan result\Lost Partition2(NTFS)\Other lost files\Users\amica\Desktop\FROM FLASHDRIVE Black\BICOL COLLEGE ELEM. SCHOOL\sf2 august.odt.hhqa
Error: No key for New Variant online ID: Z7uPqjVCNF7oq0m69emhp2I6RWLs4kcLARuEi3Hq
Notice: this ID appears to be an online ID, decryption is impossible
 


On 8/4/2021 at 12:25 PM, gayuti said:

an online ID, decryption is impossible

This is probably true. Decryption is impossible, but it is recommended to save the files for the future, perhaps something will change and it will be possible to decrypt the files.
It is not recommended to try other decryptors, they can damage files permanently. 

If some person or some site offers you to decrypt files after this encryptor, then they are lying or are in collusion with the extortionists. Be careful not to fall prey to extortion or scammers a second time.


Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect a PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection.

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware.

Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware.
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.


Only after neutralizing all malicious files ...

I recommend the following method only when there is no other way. You decide what action to take.

This is not decryption; it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.


@Minoka

I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with Online-ID and some recent forms of STOP(DJVU). I invite you to try with our friends at BleepingComputer, they may be able to help you: https://www.bleepingcomputer.com/


Here’s the link to their forums: https://www.bleepingcomputer.com/forums/


21 hours ago, Minoka said:

online ID, decryption is impossible

Hello. 

Yes, it is probably true. The Emsisoft Decryptor defines this fact very accurately. 

What to do? Everything is lost?
No. It is recommended that you save the encrypted files to an external drive. It is possible that in the future the decryption method will change or the extortionists will publish the decryption keys. There have been several such unexpected cases recently when other extortionists shut down their ransomware projects and published decryption keys and master keys for everyone who got encrypted. The percentage of such happy cases is small, but it still exists.

Next, I'll tell you what you need to do now, immediately, and what you can try after that.


Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that the computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect a PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect the PC from ransomware attacks.

There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection.

After this attack, other malware elements could have stayed on the PC. This may be an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy the malware.

Use comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware.
You can get a free 30-day trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.


Only after neutralizing all malicious files ...

I recommend the following method only when there is no other way...

This is not decryption; it is the recovery of certain types of files using the features of these files.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.
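The archive step (1) described above, as an added example that is not part of the original posts or of any vendor tool: it opens a renamed ZIP by content, extracts every member that still passes its header and CRC check, and lists the ones that do not. The `.hhqa` sample name follows an extension seen in this thread; the sample archive and the size of its overwritten region are constructed for the demonstration.

```python
import io
import tempfile
import zipfile
import zlib
from pathlib import Path


def salvage_zip(encrypted: Path, out_dir: Path) -> dict:
    """Extract every member that still reads cleanly; never touches the original."""
    report = {"recovered": [], "damaged": []}
    root = out_dir.resolve()
    # The ZIP index (central directory) is stored at the end of the file, so it
    # survives damage confined to the start; the added extension does not matter
    # because the archive is opened by content, not by name.
    with zipfile.ZipFile(io.BytesIO(encrypted.read_bytes())) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = (root / info.filename).resolve()
            try:
                if not target.is_relative_to(root):   # refuse paths escaping out_dir
                    raise OSError("unsafe member path")
                payload = zf.read(info)               # validates local header + CRC-32
            except (zipfile.BadZipFile, zlib.error, EOFError, OSError):
                report["damaged"].append(info.filename)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(payload)
            report["recovered"].append(info.filename)
    return report


def build_sample(folder: Path, damaged_bytes: int = 5000) -> Path:
    """Constructed test input: a 4-member ZIP whose first bytes are overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for i in range(1, 5):
            zf.writestr(f"doc{i}.txt", bytes([64 + i]) * 4000)
    raw = bytearray(buf.getvalue())
    raw[:damaged_bytes] = b"\xff" * damaged_bytes     # stand-in for the encrypted region
    sample = folder / "backup.zip.hhqa"               # extension as seen in this thread
    sample.write_bytes(raw)
    return sample


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(salvage_zip(build_sample(Path(tmp)), Path(tmp) / "salvaged"))
```

If the archive index itself cannot be read, `zipfile.ZipFile` raises `BadZipFile` and nothing is extracted. Run it against a copy of the encrypted archive, in line with the advice to keep the originals untouched.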
