Ravock, posted March 11, 2020:

Hello. I created a topic last week about a friend who had their files encrypted by a ransomware. Later, I found out that the files were encrypted using an online key and decryption is impossible. Now, they want me to format their PC so they can at least have a clean system to start over, but they also want me to save the encrypted files. Is it OK for me to save them? I'll copy them to an external HDD and move them back to their PC when I'm done. I've run Malwarebytes a couple of times and the system seems clean. Thanks for the help!

Amigo-A, posted March 11, 2020:

Attach a ransom note and several encrypted files to a message.

Demonslay335, posted March 11, 2020:

The encrypted files themselves are not infectious or anything. It's always recommended to archive encrypted files in that case in hopes of something changing in the future; unfortunately with STOP Djvu and the new variants with online keys, your only chance will be if the criminals are caught and their private RSA keys seized by law enforcement.

Ravock (Author), posted March 15, 2020:

On 3/11/2020 at 8:32 PM, Demonslay335 said:
> The encrypted files themselves are not infectious or anything. It's always recommended to archive encrypted files in that case in hopes of something changing in the future; unfortunately with STOP Djvu and the new variants with online keys, your only chance will be if the criminals are caught and their private RSA keys seized by law enforcement.

Yeah, these online keys really suck... I do hope they manage to arrest the criminals, those files meant a lot to my friend... Anyway, thanks for the info. I've saved their files and filed a report as well.

nadine021, posted May 24, 2020:

On 3/12/2020 at 7:32 AM, Demonslay335 said:
> The encrypted files themselves are not infectious or anything. It's always recommended to archive encrypted files in that case in hopes of something changing in the future; unfortunately with STOP Djvu and the new variants with online keys, your only chance will be if the criminals are caught and their private RSA keys seized by law enforcement.

Hi, I just want to know if there were any circumstances before that the criminals were actually caught and the key for online ID was retrieved?

GT500, posted May 25, 2020:

16 hours ago, nadine021 said:
> Hi, I just want to know if there were any circumstances before that the criminals were actually caught and the key for online ID was retrieved?

It hasn't happened for the STOP ransomware, however there have been cases of it happening with other ransomwares. There have also been cases where criminals have decided to quit making/distributing ransomware, and have released their private keys themselves (keep in mind that this is rare).