Sign in to follow this  
allenpaul

decrypting files from ransomware attack of covm

Recommended Posts

recently i have been attacked by ransomware covm virus and i have deleted the virus and tried to recover the files by using emsisoft software and it shows this ''Error: The remote name could not be resolved: 'decrypter.emsisoft.com' '' kindly help me with this problem as soon as possible

Share this post


Link to post
Share on other sites
2 hours ago, allenpaul said:

recently i have been attacked by ransomware covm virus and i have deleted the virus and tried to recover the files by using emsisoft software and it shows this ''Error: The remote name could not be resolved: 'decrypter.emsisoft.com' '' kindly help me with this problem as soon as possible

You must be connected to the internet when running the Emsisoft decrypter. It has to check with the Emsisoft server for recovered offline keys.

Share this post


Link to post
Share on other sites

i connected net while running emsisoft now i am getting this message

Notice: this ID appears be an offline ID, decryption MAY be possible in the future

Share this post


Link to post
Share on other sites
6 hours ago, allenpaul said:

i connected net while running emsisoft now i am getting this message

Notice: this ID appears be an offline ID, decryption MAY be possible in the future

That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/ private key.

Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries.

Suggest you run the decrypter NOW.

Edited by cybermetric
Update
  • Thanks 2

Share this post


Link to post
Share on other sites
On 5/27/2020 at 9:02 PM, cybermetric said:

That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/ private key.

Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries.

Suggest you run the decrypter NOW.

 

Thank you sir

I tired it most of the files are decrypted but some files are not decrypted i tried multiple times but no result can you please help

Share this post


Link to post
Share on other sites
18 minutes ago, allenpaul said:

 

Thank you sir

I tired it most of the files are decrypted but some files are not decrypted i tried multiple times but no result can you please help

What does the decrypter say about those files?

Does it say this:  No key for New Variant online ID: brzGonoHEO8LfAV4n6zPrFprfPw6cMCbE5fDNTWy (just an example, yours will be different).
Notice: this ID appears to be an online ID, decryption is impossible

If so, the files were  encrypted by an online key and are not decryptable.

Share this post


Link to post
Share on other sites
2 hours ago, cybermetric said:

What does the decrypter say about those files?

Does it say this:  No key for New Variant online ID: brzGonoHEO8LfAV4n6zPrFprfPw6cMCbE5fDNTWy (just an example, yours will be different).
Notice: this ID appears to be an online ID, decryption is impossible

If so, the files were  encrypted by an online key and are not decryptable.

when i select the folder tried to decrypt the file

Starting...

Finished!

 

that all what i am getting but the file remains encrypted i have attached a file with this reply

COVM.covm

Share this post


Link to post
Share on other sites
1 hour ago, allenpaul said:

when i select the folder tried to decrypt the file

Starting...

Finished!

 

that all what i am getting but the file remains encrypted i have attached a file with this reply

COVM.covmUnavailable

That kind of a response from the decrypter usually indicates that the file is not encrypted.  

I cannot access the file - Emsisoft doesn't allow it.

Upload  it to sendspace or the equivalent and post the link here.

By the way, what kind of a file is this  COVM.covm?   You are missing the extension for the file type - pdf, doc, txt, and so on.

Why would you have a file named COVM.covm anyway?

Edited by cybermetric
Update

Share this post


Link to post
Share on other sites

@allenpaul:

The file you uploaded to Sendspace is NOT encrypted. If I remove the .covm extension and replace it with .jpg, the file dsplays a picture about YIFY-Torrents.com.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.