Sign in to follow this  
Rivzer

Is there a way to decrypt a double ransom?

Recommended Posts

Hi.

Months ago i got hit by the STOPRansomware and some files got a double extension on them. Beside STOPRansomware i got hit too by the Gandcrab ransomware and my files got like this:

file.txt.blower.fwgyqk.blower

I tried the pair method but it didn't work. Are there any options?

 

 

Share this post


Link to post
Share on other sites
1 hour ago, Rivzer said:

Hi.

Months ago i got hit by the STOPRansomware and some files got a double extension on them. Beside STOPRansomware i got hit too by the Gandcrab ransomware and my files got like this:

file.txt.blower.fwgyqk.blower

I tried the pair method but it didn't work. Are there any options?

 

 

You don't have just a double encryption - you have a triple encryption, blower.fwgyqk.blower. If all of your files have that extension, it's unlikely that you will recover them.

Share this post


Link to post
Share on other sites
6 hours ago, Rivzer said:

Hi.

Months ago i got hit by the STOPRansomware and some files got a double extension on them. Beside STOPRansomware i got hit too by the Gandcrab ransomware and my files got like this:

file.txt.blower.fwgyqk.blower

I tried the pair method but it didn't work. Are there any options?

First and foremost, do you know what version of Gandcrab?

Also, when you run our STOP/Djvu decrypter, does it show you the ID for your encrypted files that end in .blower?

Share this post


Link to post
Share on other sites
6 hours ago, GT500 said:

First and foremost, do you know what version of Gandcrab?

Also, when you run our STOP/Djvu decrypter, does it show you the ID for your encrypted files that end in .blower?

It is the 5.1 version

Yes, it shows: Unable to decrypt Old Variant ID: iNQZltY5oEpXvHrP0RCOZB4qz1z6FiwBgeb36xBb

Share this post


Link to post
Share on other sites
15 hours ago, Rivzer said:

Yes, it shows: Unable to decrypt Old Variant ID: iNQZltY5oEpXvHrP0RCOZB4qz1z6FiwBgeb36xBb

There's no guarantee we can do anything about this, however if you can attach some of the file pairs you tried then we can take a look at them and see why they aren't working.

 

15 hours ago, Rivzer said:

It is the 5.1 version

If we can get the first layer of STOP/Djvu taken care of then Gandcrab 5.1 should be decryptable (assuming there was no corruption due to multiple layers of encryption). Let's worry about the first layer of STOP/Djvu for now though, as we can't touch the Gandcrab encryption until we've dealt with that.

Share this post


Link to post
Share on other sites
7 hours ago, GT500 said:

You can submit file pairs at the following link:
https://decrypter.emsisoft.com/submit/stopdjvu/

More information about the STOP/Djvu decrypter is available at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

It doesn't work. It shows Invalid file pair; encrypted file incorrect size. That's why i made this post.

Share this post


Link to post
Share on other sites
11 hours ago, Rivzer said:

It doesn't work. It shows Invalid file pair; encrypted file incorrect size. That's why i made this post.

You'll need to use a different file pair.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.