Jump to content

My files are encrypted .stax


Recommended Posts

Hello.

In this section of the forum, you need to provide a ransom note   (and different, if any) and several encrypted files in the zip archive.

This way we can try to identify the ransomware that encrypted the files.

All available variants are collected here.
To date, the 'STOP Ransomware' variant that adds the .stax extension to the encrypted file is one of the new ones.

Link to comment
Share on other sites

I Was infected by a ransomware and my files are encrypted and the extension is .stax.

This is the ransom note:

 

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-dFmA3YqXzs
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0345uSifkeRFjaDtea84I19fMYbSPg0dSkPzfeQkl7nJwIjrdP

 

 

Link to comment
Share on other sites

38 minutes ago, Fredrick Ben Martin Balois said:

Your personal ID:
0345uSifkeRFjaDtea84I19fMYbSPg0dSkPzfeQkl7nJwIjrdP

We usually recommend reading this article first.

If you download an Emsisoft Decryptor, it will tell you if your files can be decrypted.

Link to comment
Share on other sites

What to do? Everything is lost?
No, there is currently no way to decrypt files, but in the future, in theory, extortionists can publish keys to all of their victims. This does not happen often, but this year we have seen such cases several times.

Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks.

There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, PCs could have stayed other malware elements. This maybe is an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.

Use an comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.

!!! You need to neutralize all malicious files in the system. This should be done as quickly as possible. 

Link to comment
Share on other sites

Only after neutralizing all malicious files ...

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on the stone than one created in MS Office.

An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than to lose everything...

Link to comment
Share on other sites

4 hours ago, Amigo-A said:

Olá.

Nesta seção do fórum, você precisa fornecer uma nota de resgate (e diferente, se houver) e vários arquivos criptografados no arquivo zip.

Dessa forma, podemos tentar identificar o ransomware que criptografou os arquivos.

Todas as variantes disponíveis são coletadas aqui .
Até o momento, a variante 'STOP Ransomware' que adiciona a extensão .stax ao arquivo criptografado é uma das novas.

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-dFmA3YqXzs
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0345uSifkeqvJmgz7aAm7ZSoMBEA7MA5KyutAlCiWpmimhdcrO

Link to comment
Share on other sites

44 minutes ago, ThiagoFreitas said:

Your personal ID:
0345uSifkeqvJmgz7aAm7ZSoMBEA7MA5KyutAlCiWpmimhdcrO

Your case is analogical. It is also impossible to decrypt files. If there were "t1" characters at the end of the ID, there would be a chance to decrypt the files after receiving the decryption key from a generous volunteer who paid the ransom.

---

Please read my recommendations above. You can try to return only some types of files. There is no other way yet.

If someone on some site claims that he can decrypt the files, then he is lying or colluding with the extortionists, receiving a share of the ransom, or sharing with them himself.

Link to comment
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...