Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Ransomware gang starts leaking alleged stolen Change Healthcare data

Featured Deal: A Costco Gold Star Membership + $40 Digital Costco Shop Card is $60

Latest Buyer's Guide:    Best VPNs for privacy in 2024: Protect yourself online

Generic User Avatar

STOP Ransomware (.STOP .Djvu, .Puma, .Promo) Support Topic

Started by quietman7 , Feb 10 2018 07:30 AM

  • Please log in to reply
12103 replies to this topic

#7786 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Avatar image
  • Members
  • 549 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Paris
  • Local time:01:32 PM

Posted 26 September 2019 - 12:51 PM

The next STOP ransomware decryptor from Michael will be much better and simplier to use but for the moment victims can use this ugly decrypter_2 from the hackers.
 
 
Decryption Instructions for .gero | .hese | .kvag | .meds | .moka | .nesa | .peta | .seto | .karl | .kuub | .reco | .noos | .bora variants if your files were encrypted by the OFFLINE KEY   
 
UPDATE 10/04/19: See Post #8083 for specific instructions related to the .karl variant.
UPDATE 10/05/19: See Post #8108 for specific instructions related to the .kuub variant.
UPDATE 10/15/19: See Post #8339 for specific instructions related to the .reco variant.

UPDATE 10/16/19: See Post #8384 for specific instructions related to the .noos variant.

UPDATE 10/16/19: See Post #8409 for specific instructions related to the .bora variant.

 

Also be sure to read About ZIP crypted archives with the STOP (.djvu) ransomware variants.

 

 
To download the decrypter_2.exe, click here. The decryptor is safe as shown here : virustotal report.
 
1. Backup all your encrypted files to an external drive before start decrypting.
2. download decrypter_2.exe
3. Start decrypter_2.exe
4. copy and past the key and fields for your variant.
You need copy-paste Private key with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
 
You will find bellow the :
 
OFFLINE KEY for .seto.
OFFLINE KEY for .gero.
OFFLINE KEY for .hese.
OFFLINE KEY for .kvag.
OFFLINE KEY for .meds.
OFFLINE KEY for .moka.
OFFLINE KEY for .peta.
OFFLINE KEY for .nesa.
 
5. Select the button Decrypt file to make a test with one file before selecting Decrypt Folder or Start.
 
It will decrypt your STOP data crypted with the offline key.
Many victims have files crypted by both an online key and the offline key so it may not decrypt all your files.
 

Kind regards,
Emmanuel emte@adc-soft.com
--
Emmanuel Teillard d'Eyry – Support Manager https://adc-soft.com/decryptage/ransomware.php
ADC-Soft | 18bis, rue de l’Est – 92100 Boulogne-Billancourt (France)
Partner of Dr.Web | Twitter: @Emm_ADC_Soft
 
If I have helped and you would like to consider a donation, click here.

Attached Files


Edited by quietman7, 18 October 2019 - 06:14 PM.

BC AdBot (Login to Remove)

 

#7787 Aizails

Aizails

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:11:32 AM

Posted 26 September 2019 - 01:00 PM

Hi, I need help.All file names on my computer have been extended with .karl.
Coluld you please help me find out how to decrypt my files? Thank you very much.
 
 
Here is the payment file.
 
ATTENTION!
 
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
 
 
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
 
Reserve e-mail address to contact us:
gerentoshelp@firemail.cc
 
Your personal ID:
0165Asd483yiqgkhjdg29ILIxBoCvw556zgVdX1u2UOtW9H5BzH1aJspz4x

#7788 naguib_nader

naguib_nader

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:01:32 PM

Posted 26 September 2019 - 02:49 PM

hi all i have ransomware virus encrypted all my files (,nesa) i could not find any toll yet to decrypt my files 

HYG

 

 

 

  • ransomnote_email: gorentos@bitmessage.ch
  • sample_extension: .nesa

My personal ID 

0166hTlGeRs0VivelfLiTap1Y8l070wugciWamsahteGmtuEpQj


#7789 ronaldaponte

ronaldaponte

  • Avatar image
  • Members
  • 7 posts
  • OFFLINE
    •  

Posted 26 September 2019 - 03:33 PM

still nothing of .domb ... is a lot of information that I lost :(

#7790 rabeegsm

rabeegsm

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:01:32 PM

Posted 26 September 2019 - 04:28 PM

thanx >>>>>>


#7791 rabeegsm

rabeegsm

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:01:32 PM

Posted 26 September 2019 - 04:38 PM

plz i have .seto

my personal ID:

0159Iuihiuer7f3hf2OP9Wz23lttxHuKOeuF2MJddblvFDJDjMXLsYnYc

 
plz help
 

#7792 quietman7

quietman7

    Bleepin' Gumshoe

  • Topic Starter

  • Avatar image
  • Global Moderator
  • 61,913 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 AM

Posted 26 September 2019 - 04:56 PM

plz i have .seto
my personal ID:
0159Iuihiuer7f3hf2OP9Wz23lttxHuKOeuF2MJddblvFDJDjMXLsYnYc
 
plz help

Emmanuel_ADC-Soft has indicated the .gero, .hese, .meds, .moka, .peta, .kvag, .seto variants can be decrypted if they were encrypted with an OFFLINE KEY. See Post #7788 for instructions. If you were infected with an ONLINE KEY, the variant is not decryptable and those instructions will not help.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7793 quietman7

quietman7

    Bleepin' Gumshoe

  • Topic Starter

  • Avatar image
  • Global Moderator
  • 61,913 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 AM

Posted 26 September 2019 - 04:58 PM

hi all i have ransomware virus encrypted all my files (,nesa) i could not find any toll yet to decrypt my files 

HYG

  • ransomnote_email: gorentos@bitmessage.ch
  • sample_extension: .nesa

My personal ID 

0166hTlGeRs0VivelfLiTap1Y8l070wugciWamsahteGmtuEpQj

.nesa is the latest new variant and not decryptable at the moment. However, experts are working on ways to obtain OFFLINE KEYS and if they are able to do so, that information will be provided in this support topic.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7794 quietman7

quietman7

    Bleepin' Gumshoe

  • Topic Starter

  • Avatar image
  • Global Moderator
  • 61,913 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 AM

Posted 26 September 2019 - 05:01 PM

still nothing of .domb ... is a lot of information that I lost

.domn is not decryptable at the moment. However, experts are working on ways to obtain OFFLINE KEYS and if they are able to do so, that information will be provided in this support topic.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7795 Mind01

Mind01

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:01:32 PM

Posted 26 September 2019 - 05:14 PM

Kindly thx

  • ransomnote_email: gorentos@bitmessage.ch
  • sample_extension: .nesa
  • sample_bytes: [0x126EB4 - 0x126ECE] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
  • ID:0166hTlGeRsRkbJr6cNttHczqfa5xXQm44qN63jGUnHlkb5JFHV

#7796 quietman7

quietman7

    Bleepin' Gumshoe

  • Topic Starter

  • Avatar image
  • Global Moderator
  • 61,913 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 AM

Posted 26 September 2019 - 05:40 PM

Kindly thx

  • ransomnote_email: gorentos@bitmessage.ch
  • sample_extension: .nesa
  • sample_bytes: [0x126EB4 - 0x126ECE] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
  • ID:0166hTlGeRsRkbJr6cNttHczqfa5xXQm44qN63jGUnHlkb5JFHV

Read my reply in Post #7795.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7797 honganh89

honganh89

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:06:32 PM

Posted 26 September 2019 - 08:42 PM

hope .nesa will be decrypted soon. 

Special thanks for @quiteman7, @Emmanuel_ADC-Soft  and supporters


#7798 naguib_nader

naguib_nader

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:01:32 PM

Posted 26 September 2019 - 09:23 PM

 

hi all i have ransomware virus encrypted all my files (,nesa) i could not find any toll yet to decrypt my files 

HYG

  • ransomnote_email: gorentos@bitmessage.ch
  • sample_extension: .nesa

My personal ID 

0166hTlGeRs0VivelfLiTap1Y8l070wugciWamsahteGmtuEpQj

.nesa is the latest new variant and not decryptable at the moment. However, experts are working on ways to obtain OFFLINE KEYS and if they are able to do so, that information will be provided in this support topic.

 

Thnx for ur efforts so far & all other members but if i may ask how to know that i got decrypted by offline keys

and also if there any tutorial video how to use STOPDecrypter software & how to add offline keys

sorry for any inconvenience i may cause as my case here is 14 TB

& thnx again


#7799 gabutgabut

gabutgabut

  • Avatar image
  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:06:32 PM

Posted 26 September 2019 - 09:52 PM

Update and thanks to Yousif_Ayman for sharing.

The next STOP ransomware decryptor from Michael will be much better and simpliest to use but for the moment we use this uggly decryptor from the hackers.

 

**************           decryption instructions for .gero | .hese | .meds | .moka | .peta | .kvag and .seto files crypted by the offline key              ***************

 

 

To download the decrypter_2.exe, click here.
The decryptor is safe as shown here : virustotal report.

 

1. Backup all your encrypted files to an external drive before start decrypting.

2. download decrypter_2.exe
3. Start decrypter_2.exe

4. copy and past the key and fields for your variant.

 

You will find bellow the :

 

OFFLINE KEY for .seto.

OFFLINE KEY for .gero.

OFFLINE KEY for .hese.

OFFLINE KEY for .kvag.

OFFLINE KEY for .meds.

OFFLINE KEY for .moka.

OFFLINE KEY for .peta.

 

5. Select the button Decrypt file to make a test with one file before selecting Decrypt Folder or Start.

 

It will decrypt your STOP data crypted with the offline key.

Many victims have files crypted by both an online key and the offline key so it may not decrypt all your files.

 

Kind regards,

Emmanuel emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Manager https://adc-soft.com/decryptage/ransomware.php

ADC-Soft | 18bis, rue de l’Est – 92100 Boulogne-Billancourt (France)
Partner of Dr.Web | Twitter: @Emm_ADC_Soft

 

If I have helped and you would like to consider a donation, click here.

 

my file LOST after start decrypt, extensions .meds 

i was backup all file in my external hard disk..

 

hope .meds can decrypt well 

thanks before @Emmanuel_ADC-Soft


#7800 donHenry

donHenry

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  

Posted 26 September 2019 - 10:50 PM

my computer infect by .NESA Ransomware. All my file has been encrypt.. pls help me
 
ATTENTION!
 
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
 
 
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
 
Reserve e-mail address to contact us:
gerentoshelp@firemail.cc
 
Your personal ID:
0166hTlGeRsjbUWhspVFUWNgs21mBLvWKA3o8fhWwpSTZjVd6kK

Back to Ransomware Help & Tech Support


5 user(s) are reading this topic

0 members, 4 guests, 1 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·