Recommended Posts

I'm almost same status of you.  Fortunately, I have major part of backup data in external(Off-line) HD's.  Some data are rescued by "ShadowExplorer" from an internal HD.  In this case, the HD has enough space which might be more than 30~40%.  Since I have many couples of original and damaged (.remk) data, I sent a couple of sample data to "Data Restore(?) ".  They resposed and request a bit-coin of $500.-.  I don't like this.  I hope someone develop a method using couples of original and damaged (.remk) data.

Share this post

Link to post
Share on other sites
On 5/10/2020 at 1:31 PM, Matio223 said:

Please help me. My files have end .remk. I try everything. I very need this files, I really need help.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:

Share this post

Link to post
Share on other sites
18 hours ago, Matio223 said:

How do I get offline id?

ID's are assigned when the ransomware starts encrypting your files. If it is able to connect to its command and control servers, the servers generate a random ID and random private and public RSA keys, then it sends the ID and public key back to the ransomware on the infected computer for use in encrypting files. Since the private key never leaves the criminals' server, and since it is required for decryption, it is impossible to decrypt your files if they have an online ID.

Offline ID's are only used by the ransomware when it can't connect to its command and control servers, and files that have an offline ID can be decrypted once a victim with an offline ID pays the ransom and donates the private key to us.

Our STOP/Djvu decrypter will tell you which files have offline ID's and which files have online ID's. In the majority of cases, all files on a computer infected with the STOP/Djvu ransomware will have online ID's.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.