Is there any improvement about .rezm encryption?


On 3/7/2020 at 4:41 PM, yigityzc said:

Hello, is there any improvement on decrypting files with .rezm?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

On 3/7/2020 at 4:41 PM, yigityzc said:

Another question: what is an online identity?

If you mean an "online ID", then it means the ransomware was able to connect to its command and control servers. When that happens the command and control servers generate a unique ID, public key, and private key for each computer the ransomware infects. The ID and public key are then sent to the ransomware running on the infected computer, and used during encryption. The private key (required for decryption) is stored in a database and never leaves the command and control server, which is why we can't decrypt files that have an online ID.


16 hours ago, saeid.manutd said:

Hello. Does the "online ID" feature remain forever? Does it change to an offline ID with the passing of time?

It wouldn't matter if your ID changes. It's just a randomly generated code used to identify your computer so that they know who is paying the ransom. Once your files are encrypted with a public key, nothing can change that until you can use the private key to decrypt them.
