Mrack0, posted August 15, 2020:

Hi, my files got locked with the extension .vari. I'm getting the error: no variant for offline key atQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1. Is there any way to decrypt my files? Thanks in advance.

Amigo-A, posted August 15, 2020:

Attach a ransom note to your message, so that I can write this variant down.

This is the result of an attack by a new version of STOP Ransomware. It was only recorded today and could not be added to the decryptor. In the future, when the key for this variant is purchased by someone and provided to the developers of the decryptor, the files can be decrypted.

You should check your PC for the malware that ALWAYS remains after STOP Ransomware and remove it. You can use the tool from Emsisoft, scan Windows and attach a report to the message so that Emsisoft specialists can help you clean your PC. This is important, otherwise your PC will be attacked again and the files will be encrypted with a new variant that will never be decrypted.

puspendu, posted August 16, 2020:

My PC got infected yesterday. When I try to decrypt a .vari file it shows the same message. Please help: how do I decrypt .vari files?

plamen, posted August 16, 2020:

Hi, I have the same problem and attach the log file from "EMSISOFT DECRYPTOR" for STOP Djvu - ver. 1.0.0.5.

Attachment: decryptor_log_20200816.txt

Nafees ahmad, posted August 16, 2020:

Hello, I have the same problem: all my files got encrypted by (.vari). I tried to decrypt them with the Emsisoft ransomware decryption tool but it's not working.

Jith Pillai, posted August 17, 2020:

Please help, I have the same problem too:

Error: No key for New Variant offline ID: atQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

Amigo-A, posted August 17, 2020:

2 hours ago, Jith Pillai said:
> atQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1

Such a case may have a happy ending when the decryption key is loaded into the decryptor. So far, this is a new version of STOP Ransomware and the decryption key has not been bought by anyone yet to share.

There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Korid, posted August 18, 2020:

Hello there, I am also facing problems with the attached ransomware.

Your personal ID: 0246regyjnkjddrtatQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1
System PersonalID atQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1

The only way that we will be able to get back our files is if someone pays the ransom and the key is added to the database, or are there hopes that this problem will be resolved in time? Thanks in advance for your time and effort.

Amigo-A, posted August 18, 2020:

On 8/18/2020 at 6:16 AM, Korid said:
> The only way that we will be able to get back our files is if someone pays the ransom and the key is added to the database

Yes, this is the only case so far. The page 'Hot-STOP' contains a list of all versions and an indication of what was decrypted with the offline key.

.gero, .hese, .geno, .xoza*, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot*, .noos, .kuub, .reco, .bora, .leto*, .nols, .werd, .coot, .derp, .nakw*, .meka, .toec, .mosk, .lokf, .peet, .grod, .mbed, .kodg, .zobm, .rote*, .msop, .hets, .righ, .gesd*, .merl*, .mkos, .nbes, .piny*, .redl*, .kodc*, .nosu*, .reha, .topi, .npsg*, .btos*, .repp, .alka, .bboo*, .rooe*, .mmnn*, .ooss*, .mool*, .nppp, .rezm*, .lokd*, .foop*, .remk, .npsk, .opqz, .mado, .jope*, .mpaj*, .lalo*, .lezp*, .qewe*, .mpal*, .sqpc*, .mzlq*, .koti*, .covm, .pezi*, .nlah*, .kkll*, .zwer*, .nypd*, .usam, .tabe, .vawe, .moba*, .pykw*, .zida*, .maas, .repl*, .kuus*, .erif*, .kook*, .nile*, .oonn*, .vari*

The * sign indicates that the decryption key has not yet been received. You can see that some earlier versions did not receive the decryption key. The percentage of decryption of newer versions is small. The wait may be indefinite.

GT500, posted August 18, 2020:

4 hours ago, Korid said:
> Your personal ID: 0246regyjnkjddrtatQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1

This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

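As an added illustration (not Emsisoft's code and not part of any post in this thread), the Python below pulls the ID out of ransom-note and decryptor-log lines like those quoted above and groups reports by it, which shows several victims sharing one offline ID. It assumes the last 40 characters of a personal ID are the system ID, as in Korid's post, and that offline IDs end in "t1", a convention from Emsisoft's public STOP/Djvu guidance that the thread itself does not state.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the ransom-note line and decryptor
# messages quoted in this thread. The last ID is invented for contrast.
SAMPLE_REPORTS = """\
Your personal ID: 0246regyjnkjddrtatQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1
Error: No key for New Variant offline ID: atQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1
no variant for offline key atQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1
Your personal ID: 0246regyjnkjddrtEXAMPLEonlineIDconstructed0000000000AbCd
"""

KEY_ID_LEN = 40  # length of the "System PersonalID" shown in the thread


def extract_key_ids(text):
    """Return the trailing 40-character ID of every long ID-like token.

    A ransom note prints a variant prefix followed by the system ID, while
    the decryptor log prints the system ID alone, so both are normalised
    to the last KEY_ID_LEN characters.
    """
    tokens = re.findall(r"\b[A-Za-z0-9]{40,}\b", text)
    return [tok[-KEY_ID_LEN:] for tok in tokens]


def classify(key_id):
    # Assumption, not stated in the thread: offline IDs end in "t1".
    return "offline" if key_id.endswith("t1") else "online"


def triage(text):
    """Map each distinct ID to its kind and how many reports carried it."""
    counts = Counter(extract_key_ids(text))
    return {kid: {"kind": classify(kid), "seen": n} for kid, n in counts.items()}


if __name__ == "__main__":
    for kid, info in triage(SAMPLE_REPORTS).items():
        print(f"{kid}  {info['kind']:7}  seen in {info['seen']} report(s)")
```

An ID that recurs across unrelated victims is consistent with the shared offline key the replies describe; an ID seen once that lacks the suffix is treated here as an online ID.
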
Korid, posted August 18, 2020:

I just wanted to ask the following... Your team actually discourages us from paying the ransom, but at the same time you do tell us that the only way we are going to get our files back is through the generated key that will be sold to us by the ransomware creators.

So currently my only hope of getting my files back is the really, really slight chance of someone actually paying the hundreds of dollars they are asking AND the crooks actually being nice enough to provide us with the key, which then the aforementioned buyer will be nice enough to share with you (assuming he actually knows about the decryptor), and then finally to run the decryptor using the key so that my files are decrypted? Sounds like a long shot...

Any practical other tutorials... I don't know, something like a deep analysis and restoring of my whole system to the day before the encryption will have any effect whatsoever?

Thanks in advance for your time and effort!!

GT500, posted August 18, 2020:

11 hours ago, Korid said:
> Any practical other tutorials... I don't know, something like a deep analysis and restoring of my whole system to the day before the encryption will have any effect whatsoever?

For most files there's nothing else that can be done. Like most other ransomware, STOP/Djvu attempts to clear restore points so the System Restore can not be used to restore old copies of files. Some larger files can be recovered, however there will be a small amount of missing data at the beginning of the files.

There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Korid, posted August 19, 2020:

If I restore my computer to an earlier point (August 8th, while this attack took place on the 16th of August) will my files become available or not? There is a system restore point at that point.

Mohsen, posted August 19, 2020:

I have the same problem. My filllleeesss 😭

GT500, posted August 20, 2020:

19 hours ago, Korid said:
> If I restore my computer to an earlier point (August 8th, while this attack took place on the 16th of August) will my files become available or not? There is a system restore point at that point.

There shouldn't be any restore points to restore to. As I said, the ransomware clears them, meaning they are deleted. There are rare times when this fails, however there is no guarantee that the System Restore saved backups of any of your files to begin with, so even if the ransomware did fail to clear the System Restore points the odds of restoring the majority of your files this way are low.

GT500, posted August 20, 2020:

12 hours ago, Mohsen said:
> I have the same problem. My filllleeesss 😭

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files.

There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

SimCom, posted August 20, 2020:

Good day to you. Is there any solution for an online ID, or can there be a solution if we wait? Thank you for your response.

miricky, posted August 20, 2020:

On 8/18/2020 at 2:16 AM, Korid said:
> The only way that we will be able to get back our files is if someone pays the ransom and the key is added to the database, or are there hopes that this problem will be resolved in time?

I think to get this through quickly for everyone, Emsisoft can crowd-source the ransom fee from those affected by the virus; use it to pay and get the keys.

GT500, posted August 21, 2020:

18 hours ago, SimCom said:
> Is there any solution for an online ID, or can there be a solution if we wait?

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. For now there's nothing that can be done about online IDs.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

GT500, posted August 21, 2020:

16 hours ago, miricky said:
> I think to get this through quickly for everyone, Emsisoft can crowd-source the ransom fee from those affected by the virus; use it to pay and get the keys.

We only make decrypters and provide technical support. We don't attempt to negotiate with criminals, and we don't attempt to pay ransoms.