Aditya Patil

New Ransomware .COVM not able to decrypt files! HELP

On 21st May all my files got infected with the .COVM extension! And when I used the Emsisoft decryptor tool it says (it's an offline key, not able to decrypt right now but maybe in future we will be able to), something like this! Does anyone have any idea what I should do to encrypt my files!

26 minutes ago, Aditya Patil said:

Thank you sir! I will be running the decryptor once every week! As you suggested! 

Run it now. The offline key for the .covm variant has been recovered by Emsisoft.

Wait, what! Really? OK OK, I can't control my excitement! But I was checking the decryptor update every hour! Ok letbit Can you please tell me about:

I haven't connected my PC to the internet after that attack happened and all my files got modified!

After that I did a deep scan with premium antivirus, so there will be no danger if I connect my PC to the internet?

 

3 minutes ago, Aditya Patil said:

Wait, what! Really? OK OK, I can't control my excitement! But I was checking the decryptor update every hour! Ok letbit Can you please tell me about:

I haven't connected my PC to the internet after that attack happened and all my files got modified!

After that I did a deep scan with premium antivirus, so there will be no danger if I connect my PC to the internet?

 

There should be no danger. You have to be connected to the internet for the decrypter to do its job. It has to contact the Emsisoft server which has the offline keys in its database.

2 minutes ago, Aditya Patil said:

Ohh, thank you so much! Can you share with me the decryptor link for .covm offline keys! I mean, which version should I download?

The link is: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

The latest version is 1.0.0.4. You don't have to download a new decrypter every time - it very seldom changes. The information about the offline keys is stored in the Emsisoft server, not in the decrypter.

16 hours ago, Aditya Patil said:

Should I uncheck to keep encrypted files?

That depends on how much free hard drive space you have, and whether or not you don't mind deleting all of the encrypted files on your own.

The reason to keep the encrypted files is just in case the decrypter fails to decrypt them. As long as you still have the encrypted files you can always try again.

🤩 I have recovered all my files! I just wanted to say thank you, everyone who made this possible! Can I know where I can send a personal greeting to Emsisoft and all the artists who are doing this work? Please? I am really very happy!

Hello. I have the same problem... I use Emsisoft on my files but it says: error en el servidor remoto (404) no se encontró...

And another says: no se encontró (403) prohibido.

Does anyone have a solution for this? Thank you so much

 

19 hours ago, Aditya Patil said:

🤩 I have recovered all my files! I just wanted to say thank you, everyone who made this possible! Can I know where I can send a personal greeting to Emsisoft and all the artists who are doing this work? Please? I am really very happy!

The decrypter was created by @Demonslay335 and you can send him a message on our forums if you'd like to thank him.

Please note that he won't answer requests for technical support or requests for help with decryption. I handle that for him. ;)

10 hours ago, Angela pineda said:

Hello. I have the same problem... I use Emsisoft on my files but it says: error en el servidor remoto (404) no se encontró...

And another says: no se encontró (403) prohibido.

Does anyone have a solution for this? Thank you so much

It appears to have been a Cloudflare issue, and was resolved about an hour later:
https://www.cloudflarestatus.com/incidents/gzrmb3r6zcxv

Please try the decrypter again, and let me know if it's working now.

Hello to all!!! My computer is infected with .covm encryption, but when I use EMSISOFT, the message that appears is "Notice: this ID appears to be an online ID, decryption is impossible". How can I decrypt my files? =(

21 hours ago, Silvio Medeiros said:

Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

After I run the decryptor, it shows the message:

No key for New Variant online ID: xbjvwGxYwjexkYQcffstv33UYNH5YHeyir53tgdo
Notice: this ID appears to be an online ID, decryption is impossible

Please help!!

"Run it now. The  offline key for the .covm variant has been recovered by Emsisoft. "

After I saw this I ran the program. I'm infected with the .covm variant. Why isn't it working?

On 5/25/2020 at 8:14 AM, GT500 said:

I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

I do not understand. I read that you wrote:

"Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back".

So why can't you both compare and find out the cipher for this file type?

18 hours ago, Javierok said:

No key for New Variant online ID: xbjvwGxYwjexkYQcffstv33UYNH5YHeyir53tgdo
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

17 hours ago, leonir said:

So why can't you both compare and find out the cipher for this file type?

The .covm variant of the STOP/Djvu ransomware uses RSA keys, which are not susceptible to this kind of attack.

Hi

 

For me it is also an online key.

No key for New Variant online ID: YHr4THVbDQ5AwKnLY9IIEcyyJleTYso6Z8cYamDN
Notice: this ID appears to be an online ID, decryption is impossible.

As I can see, there are different variant online IDs for different users. In case decryption becomes available for online keys in future from Emsisoft, will it be able to decrypt all the online IDs? Or will each one be different in its own way?

 

Thank you so much, Emsisoft, for your service. Hope we will be able to get online ID soon. :)

On 6/21/2020 at 1:46 PM, Sri kannan said:

In case decryption becomes available for online keys in future from Emsisoft, will it be able to decrypt all the online IDs?

That would only be possible if the database of private keys kept by the criminals gets released publicly.

2 hours ago, Tshiamiso said:

What if it's an online key for .covm?

Will it still work?

We don't currently have any way to obtain private keys for online ID's, so our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/
