Arslanportal Posted June 29, 2021 Report Share Posted June 29, 2021 My all files have been encrypted with a new extension called .NEER. I've read some blogs about the ransomware using offline and online IDs. My personalID ends with t1, indicating offline ID. I ran Malwarebytes on the system and all threats have removed. Then i downloaded Emsisoft to encrypt all files. But it said, the .NEER extension is new, so far it doesn't have any key to encrypt the data. Please help, I've very important data of my study and business. Link to comment Share on other sites More sharing options...
ShadowPuterDude Posted June 29, 2021 Report Share Posted June 29, 2021 That extension is used by STOP(DJVU). Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. Link to comment Share on other sites More sharing options...
Arslanportal Posted June 29, 2021 Author Report Share Posted June 29, 2021 One more thing. As i mistakenly did open my internet after ransomware infection once for the purpose to install malwarebytes, then immediately closed when i saw my fresh file on desktop encrypted. Just now, I see i have another ID shows under previous ID. In C drive, i had systemID folder, and a notepad file which contains my ID that ends with t1. Photo is attached Link to comment Share on other sites More sharing options...
Amigo-A Posted June 29, 2021 Report Share Posted June 29, 2021 Hello @Arslanportal Good, you have an offline ID. This is how the decryptor informs that it does cannot decrypt the files now because it does not yet have the decryption key for this variant. Its addition to Decryptor depends on the voluntary transfer of the key so that others victims can decrypt the files without paying a ransom. But we cannot predict when someone will share the purchased key with the 'Emsisoft Decryptor' developers. The encrypted files need to be saved to an external drive to prevent encryption from being repeated by another ransomware attack. Highly undesirable try different software that is not designed to decrypt files after the 'STOP Ransomware'. Other software can damage your files and make decryption impossible. If you are doing experiments, make a copy of the encrypted files for testing. Link to comment Share on other sites More sharing options...
Amigo-A Posted June 29, 2021 Report Share Posted June 29, 2021 This 'STOP Ransomware' enters the PC due to the fact that it is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat. If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks. There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. After this attack, PCs could have stayed other malware elements. This maybe is an 'info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ Link to comment Share on other sites More sharing options...
Amigo-A Posted June 29, 2021 Report Share Posted June 29, 2021 If the files are urgently needed now, and you cannot wait for a lucky time of decryption... You must use this method at your own risk. It will be better to make a copy of the encrypted files for this test without risking the original files. Something will be restored better, something will be restored worse. If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable. There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp An alternative method for other files has not yet been found. In addition, encrypted files can be transferred to an external drive and disconnected from the PC until the lucky chance of decryption. Link to comment Share on other sites More sharing options...
Mohit Chaudhari Posted July 11, 2021 Report Share Posted July 11, 2021 hi, all my files are encrypted with .neer extension. It says its an online ID. My last digits of personal ID is 'pcUR'. Please help me guys. Link to comment Share on other sites More sharing options...
Amigo-A Posted July 11, 2021 Report Share Posted July 11, 2021 Hello @Mohit Chaudhari If the online ID was used, then the files cannot be decrypted using the Emsisoft decryptor. Read my two posts above. First, you need to check your PC and remove malware. The second post describes two methods for recovering some files. Read and try to do as it says. We'd love to help more, but there is nothing more to offer you. Link to comment Share on other sites More sharing options...
Recommended Posts