.Copa Ransomware

[SimiK 0]

Hi,

My cousin's files got encrypted after he downloaded a software and the file extensions have all changed to .copa

Does the emsisoft decryptor have a key for this ransomware? do you need to see the ID? 

Thanks,

Simran

[GT500 837]

6 hours ago, SimiK said:

Does the emsisoft decryptor have a key for this ransomware? do you need to see the ID?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

You can post the ID here if you want me to let you know if it's online or offline.

[SimiK 0]

Hi,

I was going to show you a screenshot of the readme.txt file, however after trying to search for it on my cousin's laptop, it does not seem to be there so i cannot get the personal ID. Another strange thing is, my cousin says that some files are .mado but most are .copa extensions. Have you come across a situation like this before?

Thanks,

Simran

[GT500 837]

7 hours ago, SimiK said:

Have you come across a situation like this before?

It usually means that more than one variant of STOP/Djvu has infected the computer. The variant that used the extension .mado was first seen in March, and was probably replaced by another one in early April.

 

7 hours ago, SimiK said:

I was going to show you a screenshot of the readme.txt file, however after trying to search for it on my cousin's laptop, it does not seem to be there so i cannot get the personal ID.

The decrypter will tell you the ID for each file. The ransomware adds the ID used to the end of each encrypted file, so it's not necessary to get it from the ransom notes.
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

[nagoo1 0]

i have the same .copa ransomware

the ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB

is there a solution for that? or is it impossible?

it locked a lot of really important memories for me as well  as some work documents. i really hate these people

[GT500 837]

8 hours ago, nagoo1 said:

the ID shown by the decryptor is x8EoV9ylA9udxOyy63bE16IT5LSfmjlP2NfEzfnB

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[BugsBunny 0]

Hi guys,

My files were decrypted with a .copa extension and an offline key ( it ends in "t1" ). Has the key been found yet?? Is there any way to decrypt??

 

[GT500 837]

17 hours ago, BugsBunny said:

My files were decrypted with a .copa extension and an offline key ( it ends in "t1" ). Has the key been found yet?? Is there any way to decrypt??

No, that one's fairly new and we don't have a private key for it yet.

[erick 0]

This is my ID :  offline ID: 5sHsKew2XYnEguRaSVYIA8rudOB16MVLvPgGIOt1 

Please help me to decrypte for extension " .copa "

Show Guide to do it.

Thanks nick name GT500. 

Download Image

[GT500 837]

19 hours ago, erick said:

offline ID: 5sHsKew2XYnEguRaSVYIA8rudOB16MVLvPgGIOt1 

This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/