BurnerFinger

On the topic of online ID...


File: C:\ProgramData\AVAST Software\Avastbackend.txt.vari
Error: No key for New Variant online ID: QCXaYUsWLoWgvDcEmn0mXYzdbE2pS8jF0ZopeEgf
Notice: this ID appears to be an online ID, decryption is impossible

This is just one in a string of thousands of nearly identical entries in my decrypt log. Long story short; I picked up a ransomware, and it encrypted much of my external hard drive. The software failed to decrypt any of the files, and I reckon that the reason for that is the online ID.

Now, I did read up a bit on the difficulties regarding the online IDs, but I'm in a real pickle. While I could do away with most of my encrypted files, a minority of them is either precious, extremely important, irreplaceable (unique versions that only existed in one place), or all of the previously stated.

Paying the ransom is off the table, even if I had the money needed. So the only thing that can help me is the decryption software, and as it stands, because of the online ID, it's not able to. System restore and anti-malware managed to mend and restore the PC itself, but the external hard drive is, for lack of a better word, shagged. And since it's not a part of the system per se, I cannot perform a system restore on it.

The encryption happened several days ago. I know that calling this a long shot would be an understatement, but: is there a conceivable way that a case such as mine could be resolved within the near future (a year or so)? Some of the files that were encrypted were instrumental to my work, and without them, I'll be set back for several years.

Thank you in advance for your response.

PS: this account was made for the explicit purpose of asking this question; as such, it was made with a burner e-mail address. Due to the aforementioned experience with ransomware, I've become careful to the point of paranoia, and I'd like to keep my "official" e-mail uninvolved in anything in the near future. I hope you understand, and I thank you if you do.

4 hours ago, BurnerFinger said:

The encryption happened several days ago. I know that calling this a long shot would be an understatement, but: is there a conceivable way that a case such as mine could be resolved within the near future (a year or so)? Some of the files that were encrypted were instrumental to my work, and without them, I'll be set back for several years.

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

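Added example, not part of the thread and not the decryptor vendor's code: a small script that groups the entries of a decrypt log like the one quoted in the first post by ID, so you know which IDs to watch for in key-release news and which encrypted files belong in the backup. It assumes every entry follows the three-line `File:` / `Error: No key for ... ID:` / `Notice:` shape shown above; the sample log, its IDs and its paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the three-line record shape quoted in the first post.
# The IDs and paths are made up for illustration.
SAMPLE_LOG = r"""File: E:\Work\report-final.docx.vari
Error: No key for New Variant online ID: EXAMPLEONLINEID000000000000000000000001
Notice: this ID appears to be an online ID, decryption is impossible

File: E:\Photos\2019\img_0001.jpg.vari
Error: No key for New Variant online ID: EXAMPLEONLINEID000000000000000000000001
Notice: this ID appears to be an online ID, decryption is impossible

File: E:\Work\notes.txt.vari
Error: No key for New Variant online ID: EXAMPLEONLINEID000000000000000000000002
Notice: this ID appears to be an online ID, decryption is impossible

File: E:\Work\cut-off-entry.xlsx.vari
"""

FILE_RE = re.compile(r"^File:\s*(.+?)\s*$")
ID_RE = re.compile(r"^Error: No key for .*?ID:\s*(\S+)\s*$")

def files_by_id(log_text):
    """Return ({id: [files still waiting for that key]}, [files with no 'No key' line])."""
    groups = defaultdict(list)
    other = []        # File: entries not followed by a "No key" error
    pending = None    # path from the most recent File: line, not yet classified
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            if pending is not None:
                other.append(pending)
            pending = m.group(1)
            continue
        m = ID_RE.match(line)
        if m and pending is not None:
            groups[m.group(1)].append(pending)
            pending = None
    if pending is not None:
        other.append(pending)
    return dict(groups), other

def summary(log_text):
    """One line per ID with its file count, plus a count of unclassified entries."""
    groups, other = files_by_id(log_text)
    lines = [f"{vid}: {len(paths)} file(s)" for vid, paths in sorted(groups.items())]
    lines.append(f"entries without a 'No key' line: {len(other)}")
    return lines
```

To use it on a real log, read the file into a string and pass it to `summary()` or `files_by_id()` in place of `SAMPLE_LOG`.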

I keep a backup of the more important encrypted files. Once burned, twice as careful.

I do have to ask though: how will I know when the key is available? Should I just download the decryptor every now and then and run it, or...?

9 hours ago, BurnerFinger said:

I do have to ask though: how will I know when the key is available? Should I just download the decryptor every now and then and run it, or...?

If private keys become available, then BleepingComputer will more than likely report on it. It will also be announced in the support topic for STOP ransomware on the BleepingComputer forums:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/
