Jump to content

Files are encrypted with .coos and decryption is impossible


Recommended Posts

Hi,

My files got encrypted a couple minutes/hours ago and I cannot decrypt them with the decrypter. Based on my files and information the ransomware is "STOP (Djvu)". Is there anyway I can still decrypt these files? 

The files end with .coos

Indy

  • Sad 1
Link to post
Share on other sites

I see in the decryptor that it appears to have a online ID, in the post you send me it says that decryption is impossible with an online id. Is is a good idea for me to leave my computer (desktop) alone for a while or are my important files basically not coming back ever again?

Thanks a lot for the quick reaction by the way! You're amazing!

 

Link to post
Share on other sites

This ransomware may still be active on your system. It is necessary to check the PC and save the found malicious files in quarantine.

Thanks!

You read that right. For a long time, this Help remains valid. Unfortunately, if the ransomware was performing online-encryption, then most likely the files will not be able to decrypt. But each case requires study. Extortionists can change something at any time.

Link to post
Share on other sites

I scanned my computer on malware and put the malware in quarantine. 

Should I just wait now, or do I have to take further action?

I'm sorry, first time I have ransomware on my computer. 😄

And how do stay up to date on the new versions on this ransomware?

Link to post
Share on other sites

You need to wait. A support specialist will tell you how best to do it. We have a time difference of 10-11 hours.

This new variant of "STOP ransomware" and needs to research.

Link to post
Share on other sites
10 hours ago, IndySlot said:

Should I just wait now, or do I have to take further action?

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

Link to post
Share on other sites

_readme.txtsir please my pc infected by .coos ransomware virus with online key: zOwuuF28V80ZDzE4dI6E1siTfpgrHOM0QmT2yZO2

i restore my windows and scanned it with many malware software like malwarebytre , spy hunter , Emsisoft Internet Security and GridinSoft Anti-Malware and im looking for decrypt my data

it is very importatnt thing all of my work and my data

_readme.txt master.prproj.coos

Link to post
Share on other sites
8 hours ago, Papai said:

In my case, an online ID. They tried to sign into my social networking accounts too. Lost all crucial data.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

The information at the link includes this, but the ransomware also downloads and runs the Azorult trojan, which steals your passwords.

Link to post
Share on other sites
7 hours ago, EhabAdel said:

sir please my pc infected by .coos ransomware virus with online key: zOwuuF28V80ZDzE4dI6E1siTfpgrHOM0QmT2yZO2

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

7 hours ago, EhabAdel said:

i restore my windows and scanned it with many malware software like malwarebytre , spy hunter , Emsisoft Internet Security and GridinSoft Anti-Malware and im looking for decrypt my data

Emsisoft Internet Security is a discontinued product, and hasn't been updated in years. If you really do have it installed, note that it won't be able to detect the STOP/Djvu ransomware, and that it is too old to receive database updates.

Here are links to our currently available products which we still maintain:

Link to post
Share on other sites

Someone posted a link to something called "DiskTuna" claiming it can recover files. The post has since been hidden, and I have asked our lab team to look at the program as it seems a bit fishy (as in potentially unsafe) to me.

Link to post
Share on other sites
13 hours ago, AD Music said:

I got my files encrypted with .coos extension :[ is there literally any way i can get back my only one mp3 file

Im soo sad :,(

It might be possible to use software intended for recovering MP3 files, as the ransomware only encrypts a small portion of the beginning of the files. Larger files that are in formats that are tolerant of missing data can actually be recovered, and some music and video formats fall into that category.

Link to post
Share on other sites

 Sayın Emisoft Desteği; 27 .12. 2020 tarihinde dizustu bilgisayarıma .igal uzantılı virüs girdi C ve D de bulunan 700GB tüm arşivim (pdf, rar, mp3, wav, exel, word, jpeg.pnp,) şifrelendi virüs taraması yaptırdım açılmıyor Bu. igal uzantılı virüs için çözüm nedir ne yapmalıyım. beni aydınlatırsanız memnun olurum.

_readme.txt asus pc için guncelleme.jpg.igal 2015 Yılı Mizan.pdf.igal

Edited by halcetin
Dosya eklemeyi unutmuştum onları ekledim.
Link to post
Share on other sites
12 hours ago, halcetin said:

Sayın Emisoft Desteği; 27 .12. 2020 tarihinde dizustu bilgisayarıma .igal uzantılı virüs girdi C ve D de bulunan 700GB tüm arşivim (pdf, rar, mp3, wav, exel, word, jpeg.pnp,) şifrelendi virüs taraması yaptırdım açılmıyor Bu. igal uzantılı virüs için çözüm nedir ne yapmalıyım. beni aydınlatırsanız memnun olurum.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

Google tarafından sağlanan çeviri:
Bu, STOP / Djvu'nun daha yeni bir çeşididir. Çevrimdışı bir kimliğiniz varsa, bu varyant için şifre çözme anahtarını bulup veritabanımıza ekledikten sonra dosyalarınızı kurtarabilmeniz gerekir. Ancak, çevrimiçi bir kimliğiniz varsa (ki bu daha olasıdır), dosyalarınızı kurtarmanız mümkün olmayacaktır. Aşağıdaki bağlantıda daha fazla bilgi var:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...