SimiK

.Copa Ransomware


Hi,

My cousin's files got encrypted after he downloaded some software, and the file extensions have all changed to .copa.

Does the Emsisoft decryptor have a key for this ransomware? Do you need to see the ID?

Thanks,

Simran

6 hours ago, SimiK said:

Does the Emsisoft decryptor have a key for this ransomware? Do you need to see the ID?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

You can post the ID here if you want me to let you know if it's online or offline.


Hi,

I was going to show you a screenshot of the readme.txt file; however, after trying to search for it on my cousin's laptop, it does not seem to be there, so I cannot get the personal ID. Another strange thing is, my cousin says that some files are .mado but most are .copa extensions. Have you come across a situation like this before?

Thanks,

Simran

7 hours ago, SimiK said:

Have you come across a situation like this before?

It usually means that more than one variant of STOP/Djvu has infected the computer. The variant that used the extension .mado was first seen in March, and was probably replaced by another one in early April.

 

7 hours ago, SimiK said:

I was going to show you a screenshot of the readme.txt file; however, after trying to search for it on my cousin's laptop, it does not seem to be there, so I cannot get the personal ID.

The decrypter will tell you the ID for each file. The ransomware adds the ID used to the end of each encrypted file, so it's not necessary to get it from the ransom notes.
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu


I have the same .copa ransomware.

The ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB

Is there a solution for that? Or is it impossible?

It locked a lot of really important memories for me as well as some work documents. I really hate these people.

8 hours ago, nagoo1 said:

The ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Hi guys,

My files were decrypted with a .copa extension and an offline key (it ends in "t1"). Has the key been found yet? Is there any way to decrypt?

17 hours ago, BugsBunny said:

My files were decrypted with a .copa extension and an offline key (it ends in "t1"). Has the key been found yet? Is there any way to decrypt?

No, that one's fairly new and we don't have a private key for it yet.
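Added example, not part of the thread and not Emsisoft's code: a Python script that inventories encrypted files by extension and by the ID found at the end of each file, which helps when more than one variant (.mado and .copa here) has touched the same machine. It assumes the ID is a 40-character alphanumeric string within the last 256 bytes of the file, and it uses the "t1" suffix mentioned in the thread to label offline IDs; all function names are hypothetical.

```python
import re
import sys
from collections import Counter
from pathlib import Path

TAIL_BYTES = 256  # assumption: the ID lies within the last 256 bytes of the file
# Assumption: the ID is a run of exactly 40 alphanumeric characters.
ID_RE = re.compile(rb"[A-Za-z0-9]{40}(?![A-Za-z0-9])")


def trailing_id(path):
    """Return the last ID-shaped string in the file's tail, or None."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)                       # jump to end to learn the size
        size = fh.tell()
        fh.seek(max(0, size - TAIL_BYTES))  # read only the tail, never the whole file
        matches = ID_RE.findall(fh.read())
    return matches[-1].decode("ascii") if matches else None


def id_kind(personal_id):
    """Offline IDs end in 't1' (as noted in the thread); others are treated as online."""
    return "offline" if personal_id.endswith("t1") else "online"


def inventory(root, extensions=(".copa", ".mado")):
    """Count encrypted files per (extension, ID, kind) under root."""
    counts = Counter()
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in extensions:
            pid = trailing_id(path)
            kind = id_kind(pid) if pid else "unknown"
            counts[(path.suffix.lower(), pid, kind)] += 1
    return counts


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for (ext, pid, kind), n in sorted(inventory(root).items(), key=str):
        print(f"{n:6d}  {ext}  {kind:8s}  {pid}")
```

The script only reads files, so it can be run against a copy or a read-only mount of the affected disk; the decrypter remains the authoritative source for the ID of each file.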