SimiK 0 Posted September 29, 2020 Report Share Posted September 29, 2020 Hi, My cousin's files got encrypted after he downloaded a software and the file extensions have all changed to .copa Does the emsisoft decryptor have a key for this ransomware? do you need to see the ID? Thanks, Simran Quote Link to post Share on other sites
GT500 854 Posted September 30, 2020 Report Share Posted September 30, 2020 6 hours ago, SimiK said: Does the emsisoft decryptor have a key for this ransomware? do you need to see the ID? This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ You can post the ID here if you want me to let you know if it's online or offline. Quote Link to post Share on other sites
SimiK 0 Posted October 1, 2020 Author Report Share Posted October 1, 2020 Hi, I was going to show you a screenshot of the readme.txt file, however after trying to search for it on my cousin's laptop, it does not seem to be there so i cannot get the personal ID. Another strange thing is, my cousin says that some files are .mado but most are .copa extensions. Have you come across a situation like this before? Thanks, Simran Quote Link to post Share on other sites
GT500 854 Posted October 2, 2020 Report Share Posted October 2, 2020 7 hours ago, SimiK said: Have you come across a situation like this before? It usually means that more than one variant of STOP/Djvu has infected the computer. The variant that used the extension .mado was first seen in March, and was probably replaced by another one in early April. 7 hours ago, SimiK said: I was going to show you a screenshot of the readme.txt file, however after trying to search for it on my cousin's laptop, it does not seem to be there so i cannot get the personal ID. The decrypter will tell you the ID for each file. The ransomware adds the ID used to the end of each encrypted file, so it's not necessary to get it from the ransom notes.https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu Quote Link to post Share on other sites
nagoo1 0 Posted October 9, 2020 Report Share Posted October 9, 2020 i have the same .copa ransomware the ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB is there a solution for that? or is it impossible? it locked a lot of really important memories for me as well as some work documents. i really hate these people Quote Link to post Share on other sites
GT500 854 Posted October 10, 2020 Report Share Posted October 10, 2020 8 hours ago, nagoo1 said: the ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Link to post Share on other sites
BugsBunny 0 Posted October 13, 2020 Report Share Posted October 13, 2020 Hi guys, My files were decrypted with a .copa extension and an offline key ( it ends in "t1" ). Has the key been found yet?? Is there any way to decrypt?? Quote Link to post Share on other sites
GT500 854 Posted October 14, 2020 Report Share Posted October 14, 2020 17 hours ago, BugsBunny said: My files were decrypted with a .copa extension and an offline key ( it ends in "t1" ). Has the key been found yet?? Is there any way to decrypt?? No, that one's fairly new and we don't have a private key for it yet. Quote Link to post Share on other sites
erick 0 Posted November 3, 2020 Report Share Posted November 3, 2020 This is my ID : offline ID: 5sHsKew2XYnEguRaSVYIA8rudOB16MVLvPgGIOt1 Please help me to decrypte for extension " .copa " Show Guide to do it. Thanks nick name GT500. Quote Link to post Share on other sites
GT500 854 Posted November 4, 2020 Report Share Posted November 4, 2020 19 hours ago, erick said: offline ID: 5sHsKew2XYnEguRaSVYIA8rudOB16MVLvPgGIOt1 This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ 1 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.