SimiK 0 Report post Posted September 29 Hi, My cousin's files got encrypted after he downloaded a software and the file extensions have all changed to .copa Does the emsisoft decryptor have a key for this ransomware? do you need to see the ID? Thanks, Simran Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted September 30 6 hours ago, SimiK said: Does the emsisoft decryptor have a key for this ransomware? do you need to see the ID? This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ You can post the ID here if you want me to let you know if it's online or offline. Quote Share this post Link to post Share on other sites
SimiK 0 Report post Posted October 1 Hi, I was going to show you a screenshot of the readme.txt file, however after trying to search for it on my cousin's laptop, it does not seem to be there so i cannot get the personal ID. Another strange thing is, my cousin says that some files are .mado but most are .copa extensions. Have you come across a situation like this before? Thanks, Simran Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted October 2 7 hours ago, SimiK said: Have you come across a situation like this before? It usually means that more than one variant of STOP/Djvu has infected the computer. The variant that used the extension .mado was first seen in March, and was probably replaced by another one in early April. 7 hours ago, SimiK said: I was going to show you a screenshot of the readme.txt file, however after trying to search for it on my cousin's laptop, it does not seem to be there so i cannot get the personal ID. The decrypter will tell you the ID for each file. The ransomware adds the ID used to the end of each encrypted file, so it's not necessary to get it from the ransom notes.https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu Quote Share this post Link to post Share on other sites
nagoo1 0 Report post Posted October 9 i have the same .copa ransomware the ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB is there a solution for that? or is it impossible? it locked a lot of really important memories for me as well as some work documents. i really hate these people Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted October 10 8 hours ago, nagoo1 said: the ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
BugsBunny 0 Report post Posted October 13 Hi guys, My files were decrypted with a .copa extension and an offline key ( it ends in "t1" ). Has the key been found yet?? Is there any way to decrypt?? Quote Share this post Link to post Share on other sites
GT500 823 Report post Posted Wednesday at 04:44 AM 17 hours ago, BugsBunny said: My files were decrypted with a .copa extension and an offline key ( it ends in "t1" ). Has the key been found yet?? Is there any way to decrypt?? No, that one's fairly new and we don't have a private key for it yet. Quote Share this post Link to post Share on other sites
