How to Restore Files Encrypted by Ransomware (Without Decrypter)
THREAT REMOVAL

How to Recover Ransomware Encrypted Files (Without Decrypter)

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading...

We have created this instructive article to best explain the current options that you as a victim have to restore your files in case you do not wish to pay ransom to cyber-criminals.

Ransomware viruses have been around for quite some time and with most of them now decryptable the developers of viruses have “learnt” their lesson and have created a much stronger encryption scripts than before. So with ransomware evolving, the common user does not really have the capability or the know-how on how he or she can fight back to this menace and get the files back without having to go through the painstaking process of paying BitCoins. This is why, we as a security blog with extensive experience in how such viruses encrypt your files have decided to go over the main methods that you can use to restore your encrypted files in the event that there is no decryptor that is officially working for the virus at hand.

How Do Ransomware Viruses Encrypt Files?

By default, encryption can be explained as “The process of encoding information so that only parties with access to it can read it.”, according to it.ucsf.edu. This basically means that the virus infects your computer after which runs a set of processes which create a copy of the original file and this copy has parts of data replaces with data from the encryption algorithm used (RSA, AES, etc.). The original file is then deleted and the virus leaves the file to appear as if it is corrupt. After the encryption is complete the ransomware generates a decryption key, which can be either Private(symmetric) or public. The trend nowadays is for ransomware viruses to use a combination of both, making the direct decryption even more impossible than it was before, unless you have a decryption software which is again, coded by the ransomware authors. For more information on how encryption exactly works, you can check the related article underneath:

Related: Ransomware Encryption Explained – Why Is It So Effective?

Before you start to recover files, be advised that for some methods to work, you will need to remove the ransomware virus from your computer beforehand. We recommend using an advanced anti-malware software for the removal process, since it is capable to fully and swiftly detect all malicious files and secure your computer by removing them and providing active protection against all possible threats, known at the moment.

How to Get Encrypted Files to Work (Alternative Ways)?

So, having briefly explained what has happened to your files, let us now discuss what you can do to get them to work again. In this article we have done our research to best provide you with instructions on the different alternative tools that you can use to get the files back. Do not consider the methods underneath a 100% solution, but rather something that you can try and it may or may not work. To install some hope in you recovering your files, however, I will say that depending on the virus and the situation, we have received feedback from ransomware victims who used those methods to restore some of their files and users who were able to restore absolutely every file that was encrypted successfully. Oh yes, and before you start readin about those tools and methods, be advised to read the decription of each method as we have explained where it can be used with maximum effectiveness, since this method is likely to be appropriate for your specific situation. Let us start!

Method 1 - Restore Files via Data Recovery Software


Method By using a Data Recovery Program.
Appropriate Situation When there is no decryption available for the ransomware, but you can still use Windows to install and run software.
Instructions Difficulty Easy


Sometimes the safest methods against file encryption are to go around the encryption and focus on the original files that are deleted by the ransomware virus. But for this method to work, it is important to know that you should not format your hard drive as many victims simply copy the encrypted files to an external drive and reinstall their Windows, which significantly decreases the chances of recovering your files. There are many data recovery programs out there and we have done a Top 10 comparison with statistics by testing recently deleted files and files deleted after reformat on a separate partitio of a Windows 10 machine (see related article below).

Related: Which are The Best Data Recovery Programs

So, based on our experience with Data Recovery programs, the natural choice for us is to provide you with instructions on how to recover your files, using the 1st program in the Top 10 review – Stellar Phoenix Windows Data recovery. Here is how you can recover your files by using this software.

Step1

Step 1: Download Stellar Phoenix from the button underneath:


Step2

Step 2: Open the downloaded file on your browser:


Step3

Step 3: Agree with the license agreement an then wait for the setup to complete, after which click on “Finish”:


Step4

Step 4: When the program starts automatically simply select the file types you want to recover and click on Next:


Step5

Step 5: Select the drive on which to scan for those files and then click on Scan:

The program will start scanning for files and will take some time. After the scan is complete, it will open a file explorer with file preview which will help you choose which files you wish to recover:



Method 2 - Restore Files via Windows Backup


Method Via Windows Backup & System Recovery Services
Appropriate Situation This method is used when your backup has been set up and is active and working and the backed up files are not deleted.
Instructions Difficulty Easy


Windows Backup remains to likely be the most popular method that is used when it comes to the recovery of your important files and this is why it is always reccomended to set up Automatic Backup in Windows, because if the ransomware is not that complicated or well-made, it will hot be able to delete your backups. Here is how to recover your backed up files in Windows:

Step1

Step 1: Hit the Windows Button + R key combination to allow for the Run Window to appear:



Step2

Step 2: In the Run Window type “ms-settings:windowsupdate” and click on OK:



Step3

Step 3: When the Settings are opened, click on the Backup icon:



Step4

Step 4: From the Backup page, go to “More Options” to visit the Backup Options page.



Step5

Step 5: From the “More Options” menu, click on “Restore files from a current backup”.



Step6

Step 6: From the File History Window, select the files you want to restore and then click on the restore button in bottom-center:



Method 3 - Restore Files by Using Shadow Explorer (Shadow Copies)


Method Via the program Shadow Explorer.
Appropriate Situation This method is used when your backup has been set up, but is NOT active and working , however the backed up files are not deleted.
Instructions Difficulty Easy


The Shadow Explorer program is a very useful way to check if you have any left-over shadow copies and it can help you restore your files in case the shadow copies of your computer are active, but for some reason, the ransomware virus has disabled Windows Backup and Recovery and you cannot use it in any way.

Step1

Step 1: Download Shadow Explorer by clicking on the Download button underneath:


Step2

Step 2: Open and Extract the contents of the .ZIP file:



Step3

Step 3: Open the ShadowExplorerPortable folder and double-click on the following file:



Step4

Step 4: Select the Date and Time from the drop-down menu on the top left of Shadow Explorer and then choose the files which you want to recover from the explorer, after which right-click on the files (or folders) you want recovered and then click on “Export”.

Method 4 - Restore Files by Plugging Your Hard Drive to Another Computer


Method Via Manually taking out your hard drive and plugging it into another PC, then unlocking it to gain access to your files.
Appropriate Situation Usually used on viruses which completely lock access to Windows, like Lockscreen ransomware viruses or broken viruses that damage Windows in a way.
Instructions Difficulty Hard


Ransomware viruses have evolved the past couple of years and with new infections, like the Petya and GoldenEye viruses, we have definitely started to realize the devastating consequences of the ransomware menace. These types of viruses may not encrypt the files on your drive, but most of them damage the Master Boot Record, also known as MBR, prevent you from starting Windows. In this case or if you cannot access Windows for other reasons, this theoretical approach may be able to help you effectively.

Step1

Step 1: Remove the battery and power from your laptop. For desktop computers, please plug out the power from the contact cable.

Step2

Step 2: Using the screwdriver, unscrew the case which carries the hard drive. For laptops, you should follow these steps:

sensorstechforum-laptop-remove-bolts-sensorstechforum

Step3

Step 3: Remove the hard drive again with the screwdriver. It will look similar to the one on the picture below:

hard-drive-removal-sensorstechforum


Step4

Step 4: Plug-in the hard drive on a secure computer which has an internet connection and Windows installed and screw it in firmly. If connected directly, the hard drive should be detected by the OS as a separate partition, similar to the picture below:

1-hard-drive-detected-sensorstechforum-petya-ransowmare


Step5

Step 5: After plugging in the hard-drive to your computer, be advised that you can use a program, known as AntiWinLocker which can help you to access the folders on your hard drive without having to type your Windows login username and password.

If the files are not intact. If you were not able to recover your files this, way, we would suggest to check the method which explains how to install and use Data Recovery software to scan your extracted hard drive and hopefully recover as many files as possible.


Method 5 - Restore Files by Using a Network Sniffer


Method Via the Wireshark Network Sniffer.
Appropriate Situation When the ransomware communicates live with the cyber-criminals to send information about the decryption key to their server.
Instructions Difficulty Very Hard


The good old network administrator tool, the Wireshark Network Sniffer is coming yet again to help. But to use it, you must have a comprehensive understanding on how to work with network sniffing software, since the approach here is purely theoretical and it works only when ransomware viruses send the actual decryption key to the cyber-criminals behind this infection. But to find a string like this in the frames and packets of data, you need to have an understanding on how analyze incoming and ongoing communication data from Sniffer programs. Below, we have tried to explain how you can do this thoeotically, if you feel enthusiastic in trying this method out.

IMPORTANT:For the instructions below to work, you must not remove the ransomware from your computer.

Network sniffing with Wireshark can be performed if you follow these steps:

Step1

Step 1: Download and Install Wireshark.

For this tutorial to work, you will require Wireshark to be installed on your computer. It is a widely used network sniffer, and you can download it for free by clicking on the “Download Now” button below:


Step2

Step 2: Run Wireshark and start analyzing packets.

To begin the sniffing process, simply open Wireshark after installing it, after which make sure to click on the type of connection you want to sniff from. In other words, this would be your active connection mode with the internet. In our case, this is the Wi-Fi connection:

1

Step3

Step 3: Find the packet you are looking for.

This is the tricky part because you will surely not know the IP address of the cyber-criminals. However, you may want to filter out the packets by typing different information in the filter above(Method 1). For example, we have typed RSA, in case there is information related to RSA encryption in the packets:

2

The most effective method, however(Method 2) is to watch the IP addresses and if they are not from your network, analyze all the traffic sent out to them by filtering them out based on different protocols. Here is how to find your network:

If you are using an IPV4 address, the first three octets or digits which are the same as your IP address are your network. If you do not know your IP address, to check your network simply open Command Prompt by typing cmd in Windows Search and then type the “ipconfig /all”. After it does that, go to your active connection (in our case Wi-Fi) and check your Gateway. The Gateway address is basically your network. The principle with IPV6 addresses is rather similar.

Step4

Step 4: Find the key:

After you have located the IP address of the cyber-criminals and you have discovered any information sent out from the virus to them, you may find a packet containing the encryption key. It may look like the picture, provided by Nyxcode below:

wireshark-solution2-sensorstechforum

This key can effectively help you to recover your encrypted files, but be advised that for this to happen you will need to develop a decryptor or have someone do it for you, like a cyber-security expert or a programmer with experience in data encryption.

Method 6 - Restore Files by Using Decrypters for Other Ransomware Viruses


Method Via Third-Party Decryptors.
Appropriate Situation When the ransomware is part of a ransomware family of variants which are decryptable and an official working decryptor is released.
Instructions Difficulty Average


The foundation on which this method has been designed to work on is pure luck and analysis. If you have been infected by any ransomware virus, the first thing that you should do before doing anything is understanding what type of virus has infected your computer. Most ransomware viruses are not decryptable, but then again there are those infections which are parts of a ransomware family, like the Scarab viruses, HiddenTear ransomware family and many others for which we have decryption instructions. So the best way to check if a virus is decryptable is to do the following steps.

Step1

Step 1.0:Check if we have information in our Ransomware Database about your virus variant (we always link a decrypter in it).

Step 1.1: If Step 1.0 does not give you results, check on the official NoMoreRansom project’s web page, where information is regularly updated for every single ransomware virus version released out in the wild.


Step 1.2: Make sure to backup your important files before using the decryptor.


Step 1.3: Download the decrypter and follow the instructions in it to decrypt your files for free.

N.B. Be advised that this only works if a virus is from the same variant and is a very RISKY method to use, so only use it if you feel sure and always backup beforehand, because some ransomware viruses use a so-called CBC mode (Cipher-Block-Chaining), that damages files after encryption.

Avatar

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:
Twitter

320 Comments

  1. Avatarkarim

    my computer is infected by a quite new malware named ilksktivw and demands money to release files.

    Reply
    1. AvatarMilena Dimitrova

      Hi Karim,
      Is that the extension that has been appended to your files? Can you give us more information?

      Reply
      1. AvatarSergio Herrera

        Hola Milena

        Mi nombre es Sergio Herrera, yo tambien tengo problemas con mis archivos. estan encriptados por el virus pumax tienen extencion *.pumax. podras ayudarme para desencriptar mis archivos. realmente agradezco su ayuda.
        saludos cordiales.

        Reply
        1. AvatarMilena Dimitrova

          Hi Sergio,

          Fortunately there is a decrypter for the .pumax ransomware, please find it here: https://sensorstechforum.com/pumax-files-virus-remove/
          Have a look at the .pumax Virus – Update December 2018 section of the article where the download link is situated.

          Reply
          1. AvatarOtto Garzon Lazo

            Milena Dimitrova ,hola por favor, mi maquina se infecto con la extensión .promarad, según he revisado es de DJVU, puedes ayudarme por favor

      2. AvatarGerardo ramos

        Perdí fotos muy importantes de un casamiento y se transformaron con extensión .blower no tengo dinero para pagar los desencriptadores quisiera saber si se puede hacer algo …. Incluso todo el disco quedo con los files en .blower por favor auxilio que hago

        Reply
        1. AvatarMario

          we are having the same problem, if you can find any solution to this problem please let me know and I will do the same
          thank you.

          Reply
      3. Avatarekankam

        ‘mdenwoscnv’… this is the extension that has appended my files. Gandcrab 5.2

        —= GANDCRAB V5.2 =—

        ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

        *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

        Attention!

        All your files, documents, photos, databases and other important files are encrypted and have the extension: .MDENWOSCNV

        The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

        The server with your key is in a closed network TOR. You can get there by the following ways:

        —————————————————————————————-

        | 0. Download Tor browser – https://www.torproject.org/

        | 1. Install Tor browser
        | 2. Open Tor Browser
        | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/7a5cf7ad42ee203
        | 4. Follow the instructions on this page

        —————————————————————————————-

        On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

        ATTENTION!

        IN ORDER TO PREVENT DATA DAMAGE:

        * DO NOT MODIFY ENCRYPTED FILES
        * DO NOT CHANGE DATA BELOW

        —BEGIN GANDCRAB KEY—
        lAQAADAJgYtRzogG6VI9idTrIRXUeN8zn21wcirjNWAzsNW1s730AtMEXjfdRNRIeJffhU2DD0qJCF3yElHQ5Rh6/WxbILF5P/Etfr/NV6ITyymPASD0FkIH/kX7P0gXgW5RUIOjZIvCGUSCPcdGyFxE5MtP9AQIEPOCcRyUPpj2CM4jDfhhjfFoNiJEGu3vxGPWIuPODXCCcZF9y5DoA+oiUs3z6HInQC3ANuimBUAwcOkaykjSLaqykN2EXnaboXM0Mq8d8UbilmxFBdDtElfN624leVspQny/GDwjZcyt5P0hY5Ql1okq55M8XlolPInQQKpGEfmR8efMM9uak0RDk1FAamQG63/XCFJvHYXwezLFFVVZPlsgsLYx1p5vr+bpgf53VU+jsYZsvhx7ZXAhOzojRIPUHrmlZcfWt8siNM3p4GVz2C+9ZitDG2I+HhxyGiubPEyqQ8Lgm9lVZH/2/Lk0LEKxnu3CXG1yslLVBI4y2f2NO+doIlXcpj7UwTLxna3vsnxrQASyqVIqrNte4G0yvN8YEAi7jyFQA2lPVEUDNidEmeGF2mBNewtBlNFzX2QIMPd4VxkaOE8SCeX+2nrNskXJaSldZVUcUXEC4KUi+9jlX4djJX2EHO/rLpVc9oEwojfOf/SD1ZoMqpXzaFigPL/0zlH+ItasEyiYcpevWq5TZX8oBx+YwZe+pPfKf1GXUCDGwKfM4/J71X+3i17gs5sKrK7+Q5Amy23Wri0RLsugonqpGN76pRUHI7WaJj0TidiVv/MX4d3V3oCfRsY69jKrkp1WyPpT6kZS9kunr9k7SCOsN1e0/YHXKPhfxw6qADZqyioi3qjeBJf4eletP8FV/3owH/MZtNUW3+wBfSrUe0aYrivkRza9GZvQsBjJONk4FP4CGmbzXWF55YukxTdkylHYrMh8XC/kZkPdq6Wb/MZ0NGn+saZ2vv8D1Lm6Y54e5MxUTc2yo3smVf03Btyl6Ur/NY5X1U04QzfUFg/PhsQqYRaXvFO6GU7J425ZUPgp5n9U4a2dSS+BClyqoDYg7P2K2BkXMAw027AEjjHpAbNn4G2iXdt9heBXPzbEPmLosemHxNVkQEYQW31TbddowmZbfxo4m2J92MyQD9FsmpF0cMNtXuVLg8wcB+Xqhz3qADg2Su9Cemslu6AYkmcpQsXOCKrZsoYGbw0ry/lWERSqP1DboDQWHWXGQN/cLfD6PxWT7pUJsDfMyfZxV5DW6IuFg79rBZOBUCur4W20JWUBFKJPjvX9ao3tlLxcKsf5pAh5nNYSBRs0s8w6r7a7vda+7aoBAgfKTTlkd6trLBJUt87IqAGCS/hu1ENH8EEZOSjQ2j0B3u9d0Xt2KyVWoyyzPoUbFI7YRdzsanicwPbQ2cWJQgz7P/taD9FacpAmIyzOrkeM9C63cc7hAazGr15/llCxLetrfcVgwHl5iK7SEBKIVDIpY171G8p3Nx/v/+rGXI0ace7UTwRyu0vWNvql4adJsmzqPRcd1KB8L/YwHHoMWkQ3t4VvJ6/U5SnKYdDfmiGI6OyHa2dgzxu7yI6OL803YwXY4Lkc+Imw9u8GTK4qL19zWz+bqUsVLn+5BZ55WBM/gThSWNmI8y3sv+KVK+ClmMA+xGDP7vLG0+XAvamOn5Jo6A/eXKTMvXMQaMujgiLXbnS7ISQFQLwNm16HBNUWBOMFmHQ2KvdachMGlUxeahems8hryl1W6FjtrIc7wsCuadT0uNzRPmL26g8QivdUM91YXwioP0wcs4YQw95RZyTLeDm+8PYbg70Nwhrc7KyXltvJxn//GNdKROvFjS4JI5fj1gxl2VppwkYib76Si+Sch1aBkX94hWjJQTIG3Uv7rtHcqBTHwByGeADV/JEa675OHU/ifWzBxksDBy01kJmOPY4A/qyydbXFLO5uYgntEg1YHFFB0vZWt/rAA1UBS2dixBi+Jt3WdSy5C2s+YQYfbR/inH+cZimIBFf0fQjacmKU5S9Nc7tried1+cLpSbSgLGIAKwWZoA3HdvQ6UW6Wg25vr71Zk0iOhNmCEhAPJn7FAk4JOWWgHYFeb2zFpbwNol0jlI4ryecdinvFXiXLLMAcyPiVVsbhPEG1q2biBxLzOXSw6dUTRciFFyLip8xURVaKEjq7DWzrEe3YdvMNaIZ573mi3u6IdBnQjv8ezj27hbxLSUVPbWuHXAbsLFTqu5oKVpmqqkdNXsI8Ew53vy0eZuXuGO4=
        —END GANDCRAB KEY—

        —BEGIN PC DATA—
        7ftDEgLb/ZS0lcmZbHM61KPJ5QOnD5UKmw6YbtogFHYeWLYCxZ+XYFtxBmDb9KHJMJDbAvSVseDPRXvIIXQmQ2qay7PczsgSeehmapSX2qbLGOIpU0uVIkugicQ2qivs7UgEXVJiDcF0iWP/gFL8WqBHGyOgMof74iZHO883kWa60KsRG/ofEubBktllsrKHT/UeIK90f4NTA3Q0Aa7fDOtFnCOTB5ome7FLZ/fMCt27gAb2/52sUzN7xdxdWKoyoIWs5zhHRnLzMN2B2FCdeiqo6lrnnIaZ6V9BSTXO4zB9mPr7qICkGFwpU6i/RSEVcPfH0wpSWSCYtNWJJNBZBilqqcZvR+W3YrGamdOR3UfUP93y/vMwLOHjW6PirwtWo+YkTxTJi/a4L0V0svf5S0uz66BfoUfFwZ2FPDCx4ShFud3oPVoJ6iuVz+mqqBpva7wdrtMyqi8A1fqlXTmS7qd4Aew/gTiwNUzEb+Yfs9wmLRGjwLinwCjinzPeKPygh42fWKb+7gkWvC6ijoFSEvtEvCM/AMXhw9QRIEb1V0GbyemMap0N1g0/++Qbe2sEznTBCrbrZtdJPEOVLco+Lu0bswnKcECVorCUEcCsFrTRnIiaaUI1b9k0s1GLcyrSiKIADBDFnYGgqEJw2kbHxMHGvHUKm+/KPPM0EpSdBZiuzltfHLo=
        —END PC DATA—

        Reply
      4. AvatarShameer

        Sir my files are infected with .skymap extension. I have tried Stop Decrypter but no luck.When do you think that the decrypter will be available.

        Reply
        1. AvatarMilena Dimitrova

          Hi Shameer,

          There is a decryption tool but is is designed to support specific offline IDs, so it may not be effective for all cases of .skymap ransomware infections. More information here: https://sensorstechforum.com/remove-skymap-files-virus/

          Reply
      5. AvatarZSC

        @Hi Milena
        My files are infected with .[wewillhelpyou@qq.com].adage ransomware. is there a decrypter or a solution to get back my files?

        Reply
  2. AvatarSteven

    Hello Milena,

    My computer also infected by ransomeware and most of the files extensions are renamed as .zeyilkz, are there any ways to decrypt them? Million thanks.

    Best regards,
    Steven

    Reply
    1. Tsetso MihailovTsetso Mihailov

      That is a custom extension – it is robably GandCrab. Did you get a ransomware note or a text file with instructions? If you did, can you share the text here?

      Reply
  3. AvatarKay

    Mine was named .adobe. Has anybody had any progress with resolving this?

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Kay.
      I have seen a person on Twitter who was able to decrypt some files encrypted by the .adobe ransomware. However, that person asks for thousands of dollars for his services. I guess a free decryption tool might be available soon.

      Reply
    2. Gergana IvanovaGergana Ivanova

      Hey, Kay!
      The same extension has been detected as one used by STOP ransomware strain. The good news is that security researchers have cracked the code of this threat and released a decryption tool. So you may be able to recover .adobe files with the help of this tool. Have in mind that another ransomware called Dharma also has a train that appends the extension .adobe. In case that your files were corrupted by Dharma .adobe your best option is to attempt to restore them from backups or consider the use of alternative data recovery approaches.

      Reply
  4. Avatarvaggelis

    my files are decrypted and the extension is ktpviuiin.
    how can i decrypt them ?
    please help i am desperate………..

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, vaggelis. This is a custom extension. It might be GandCrab ransomware. If it is a newer version – there is no solution. If the version is older, try the official decryption tool released last year – https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

      Reply
  5. AvatarNorma

    Mi equipo esta infectado por un randsomware y añadió a mis archivos y fotografías una extensión .djvuq y en cada carpeta hay una hoja nombrada .openme.tx Ustedes creen que sea posible restaurar mis archivos? Gracias por su ayuda!

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Yes – there is a decryption tool released. You can find a download link in the beginning of this article: https://sensorstechforum.com/djvur-ransomware-remove/

      .djvur and .djvuq are both variants of STOP ransomware and have the same decryption tool mentioned above.

      Reply
  6. AvatarDJELMEN

    My computer also infected udjvu and most of the files extensions are renamed as udjvu, are there any ways to decrypt them?

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hey, DJELMEN!

      Happily, you can attempt to restore .udjvu files with a free decryption tool released by the security researcher Michael Gillespie. You can download the tool via the Decryption Tool link here. The tool requires a pair of an original file and its encrypted version.

      Reply
      1. Avataranturi

        thx a lot

        Reply
  7. AvatarJenaro

    Buenos días, tengo información encriptada por extención .Rapid, se puede salvar ?
    Gracias!!

    Reply
    1. Tsetso MihailovTsetso Mihailov

      You can copy your encrypted files to another disk drive and wait for an official decryption tool released for free.

      As for the decryption tool sold by the criminals, do not buy it – it is broken. Only a few files are decrypted with it if the criminals decide to give you a decryptor. Wait and maybe there will be a solution in the future.

      Reply
  8. AvatarEliodoro

    Hola,
    el pasado 9 de enero de 2019 fue atacado mi pc y me encriptaron los archivos, la extensión de los archivos es “*.no_more_ransom”.
    En las carpetas dejaron un fichero llamador “How Recovery Files.txt” con el siguiente texto:
    Hello, dear friend!
    All your files have been ENCRYPTED
    Do you really want to restore your files?
    Write to our email – rapid@helprapid.org …………
    El programa Spyhunter 5 no me ha detectado nada extraño en el sistema.
    La última copia de seguridad es de hace 2 meses.
    ¿Cómo podría desencriptar los archivos?
    Gracias de antemano

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Eliodoro,
      write to the support of Spy Hunter regarding the detection. As for the files – for the time being there is no official solution.

      Reply
  9. AvatarUmar Javed

    My computer is infected with all hard drives with gandcrab 5.1 and i am searching how can i get my files back and do not pay to that bastards

    Reply
    1. AvatarSUN

      MY PC ALSO AFFECTED WITH GAND CRAB 5.1 on 20 Jan 2019

      AND SEARCHING FOR A SOLUTION…..

      Reply
  10. AvatarBan

    My PC also has been infected by ransomeware and all the files extension are in UIYAGBSI file. Please help

    Thank you.

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Umar Javed, SUN – GandCrab 5.1 is a newer version and there is no decryption solution for it.

      Ban – that sounds like GandCrab as well, but try the official decryptor if it is an older version of the virus: https://sensorstechforum.com/decrypt-gandcrab-ransomware-files/

      Reply
  11. AvatarTitan

    Hola alquien encontro como recuperar los archivos… Esos malnacidos me contaminaron todo el trabajo

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Titan,
      have you tried any of the above methods? Also, what ransomware has infected your files? If you know – share here.

      Reply
  12. Avatarventsislav georgiev

    infected the extension is .ekptwbs tray many methods and nothing if abybody can help me my email is vendzi4@gmail.com

    Reply
  13. Avatarrach

    mon pc est infecte par un ransomware ; NANO aider moi svp a recupere tout mes fichiers

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hey rach,
      try using the Aurora Decrypter tool linked in this article : https://sensorstechforum.com/nano-files-virus-ransomware-remove/ There is a chance that this is another ransomware using the same extension (a Scarab ransomware variant), in which case we are unaware of a decryption solution.

      Reply
  14. Avatarventsislav georgiev

    grandgrab5.0.4 extension .ekptwbs please help me to decrypt them with bitdefender its impossible my email is vendzi4@gmail.com

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Ventsislav,
      5.0.4 version of Gandcrab is not decryptable yet. You should backup your files and wait for an update to the decrypter – hopefully it will happen.

      Reply
  15. AvatarJim

    Hi,

    A friend got infected with a ransomware called Jaffe@Tuta.Io

    Any ideas?

    Thanks

    Reply
    1. Tsetso MihailovTsetso Mihailov

      We are aware of the ransomware – you can check our article for more information – https://sensorstechforum.com/remove-jaffe-ransomware/

      Other than that, there is no known official decryption tool released for Jaffe ransomware.

      Reply
  16. AvatarSagar SR

    Hi Milena,
    all my desktop files are infected by a GANDCRAB v5.1 under the file name .ubhoiy
    please help me retrieve my files..

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Unfortunately, GANDCRAB v5.1 is not decryptable for now. We cannot help you as no solution exists, yet.

      Reply
  17. AvatarFlamas

    Hola.. Mi pc se infecto con un ransomware que deja todos mis archivos con una terminación .blower me puedes ayudar?

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hola Flamas,
      currently there is no decryptor for .blower ransomware. As it is a STOP variant a decryptor might be developed. Just save your files and wait.

      Reply
  18. AvatarVIVEK

    my photo files are all encrypted with extension .bklhn
    Any help would be much appreciated

    Reply
    1. Tsetso MihailovTsetso Mihailov

      VIVEK,
      nowadays, solely knowing the extension of a ransomware virus is not enough to determine of which ransomware family it is. It looks as if you have a custom extension, which is probably generated by GandCrab ransomware. If that is the case and the infection is new (from this month) you probably got a newer version of the virus and it is not decryptable.

      Do you see anything else that you can share – a ransom note, message with instructions?

      Reply
  19. Avatarxfoun

    Buenas chicos , mis archivos estan encriptados en .local , alguna idea ?? muchas gracias

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hey xfoun,
      I have never heard of the .local extension. Any other information you can share on the virus – .txt file, ransom message or instructions on the infected computer?

      Reply
    2. Tsetso MihailovTsetso Mihailov

      Hello again xfoun.
      A ransomware virus, which encrypts files and places .local as their new extension has been found recently. It is a variant of STOP ransomware – you can read more on the link:
      https://sensorstechforum.com/local-file-virus-stop-remove/

      I know months have past since you first wrote, but if this is the virus that hit your computer, you can try to decrypt some of your files with the general STOP decrypter linked here:
      https://sensorstechforum.com/decrypt-files-stop-ransomware/

      I hope this helps you in some way.

      Reply
  20. AvatarMario

    hi, let me know if you find any solution on this, we have the same problem. I will do the same for you.

    Thanks

    Reply
  21. AvatarAzhar Abbas

    My files infected on 9th February 2019, by KRAKEN CRYPTOR, encrypted files extension is .YTUSU , Please suggest any decryptor if available.

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello Azhar,
      there is no too that can decrypt KRAKEN CRYPTOR yet. We will write if such a tool is released.

      Reply
  22. AvatarKOSKAMP

    CAN SOMEBODY HELP ME WITH THIS EXTENSION .KUFQZTS TO REMOVE FROM MY FILES THANK YOU

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Probably GandCrab ransomware. If its new – it cannot be helped.

      Reply
  23. AvatarAkila

    is there any decrypter for the *.xoloed ransomware ? plz help

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      Can you give us more details about your infection? Is there a ransom note you can share with us?

      Reply
  24. AvatarRoan

    My files are named .qdsmrc is there a way to fix it ? I really want my good trip memories memories back :(.

    Reply
    1. AvatarMilena Dimitrova

      Hi Roan,
      Can you provide us with further details about your infection?

      Reply
  25. Avatarcristain

    hola mis archivos asido infectados con la extencion ( BTEGHU ) y deja un archivo de nota en cada carpeta con el nombre de BTEGHU-DECRYPT hay alguna solución para recuperar mis cosas

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, cristain.
      This is most likely GandCrab ransomware. Can you share the contents (text) of the BTEGHU-DECRYPT.TXT file?

      Reply
  26. AvatarDialora

    My files are all infected on 16th February, encrypted files extension is JXSCT.
    Please suggest any decryptor if available

    Reply
  27. Gergana IvanovaGergana Ivanova

    Hello, Dialora!

    Considering the random extension you mentioned, we believe that your PC has been infected by a version of GandCrab ransomware. Do you see any ransom note or a text file with instructions? If you do, look for the mention of specific numbers. When you find them visit our article on how to decrypt files encrypted by GandCrab Ransomware and find your version. Beware that all versions released after 5.0.4 including the newest 5.1 are still not decryptable.

    Reply
  28. AvatarBauti

    All my file are infected by gandcrab 5.1 on 16 February, encrypted files extension is “krsefzfhq”. I would really appreciate any help and suggestions.

    Reply
    1. AvatarMilena Dimitrova

      Hello,

      Sorry to hear about your infection. Unfortunately, there is no decryption tool for this version of the ransomware. You can remove the ransomware using an anti-malware program but there is no option to restore your files. More information about the ransomware: https://sensorstechforum.com/remove-gandcrab-5-1-ransomware/?%D0%B4%D0%BB%D0%BD

      Reply
  29. Avatarsivone

    Hi, every one on the internet who is kind. Can you help me?, my files were encrypted by gancrab ransomware 5.1. The file shows look like this:

    Diffraction.docx.djhzsis.blower.

    All my files are blower file.
    Could you please help me?

    Reply
    1. AvatarMilena Dimitrova

      Hi Sivone,

      Unfortunately, this version of the ransomware is not decryptable. You can try alternative data restoration methods but there is no guarantee. More information here: https://sensorstechforum.com/blower-files-virus-remove/?lnln

      Reply
  30. AvatarValerio

    Dear Sensors Tech Forum,
    can You help me? Please! All my files, documents, photos, images, videos, and other important files are encrypted and have the extension “.JRSGLQXT”.
    Within each corrupt folder there is the following file!
    “GANDCRAB V5.1 – UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS – Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .JRSGLQXT – The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.”
    Thank’s in advance for Your reply.

    Reply
    1. AvatarMilena Dimitrova

      Hi Valerio,

      We are very sorry for the loss of your files. Unfortunately, this version of the ransomware is not decryptable. You can learn more about it here: https://sensorstechforum.com/remove-gandcrab-5-1-ransomware/

      Reply
  31. AvatarMiguel

    alguien puede ayudarme a desencriptar archivos con la extensión. blower

    Reply
  32. AvatarMaik

    Dear Sensors Tech Forum,
    Please can you help me?All my files,photos,videos,documents and other´s are encrypted by Gandcrab V5.1 on February 09,2019 and have now the Extension “SPKFSF”

    Reply
  33. AvatarMaik Oebels

    Hallo Sensors Tech Forum,
    Bitte um Hilfe.All meine Dateien,Fotos,Videos etc. wurden am 09. Februar 2019 durch “Gandcrab V5.1” verschlüsselt und haben nun die Erweiterung “spkfsf”.Gibt es da eine Möglichkeit die Daten wieder zu entschlüsseln?

    Reply
  34. AvatarIgnacio

    Hola, mis archivos estan encriptados bajo la extensión .cbupus, por GANDCRAB v5.2. Estos métodos me funcionaran? Saludos

    Reply
  35. AvatarMARA

    ESTIMADOS.
    POR FAVOR ME PUEDEN AYUDAR, A MI SERVIDOR LE INGRESÓ Ransomware denominado CRYPT. BORRO TODA MI BASE DE DATOS.
    HAN LOGRADO RECUPERAR LOS ARCHIVOS.
    SLDS

    Reply
  36. AvatarJaume

    No se el nombre del MALWARE me pone la extensión, . FAIL
    Alguien me puede ayudar!!!!

    Reply
  37. AvatarLock

    My PC was affected GandCrab V5.2 with .WKNZFU extension in all my files.. any decryptor for V5.2 released ?

    Reply
  38. Avatarelias

    buenas tengo mis archivos con la extension .ukbmz no se q tipo de virus es m si alguien podria ayudarme gracias ♥

    Reply
  39. AvatarELIAS

    hola buenas mi pc esta con los archivos y tiene la extension .UKBMZ si me podrian ayudar se los agradeceria muchisimo

    Reply
  40. AvatarJhon

    Mis archivos estan infectados con la extension ETH

    Reply
  41. Avatarjorge

    Hola, me paso lo mismo, la extension es .promoz, el mail de rescate blower@india.com y blower@firemail.cc. Me pueden informar si hay algun desencriptador por favor? Estoy desesperado.

    Reply
    1. AvatarIsmael

      Hola, tengo exactamente el mismo problema….haz podido solucionarlo? de ser así, como lo hiciste? saludos

      Reply
  42. AvatarKuki

    I got ransomware with .promok extension :(((
    Asking 490 USD to these email addresses blower@india.com, blower@firemail.cc
    Do you know if there is decrypter for this please? .promok

    Reply
  43. AvatarIsmael

    Hola, tengo un NAS el cual fue infectado con rasomware todos los archivos estan encriptador con la extension .PROMOZ, spyhunter5 logro limpiar mi equipo, pero el servidor NAS aun sigue infectado, alguien conoce alguna herramienta (aunq sea de pago) o alguna forma de recuperar los archivos? la mayoría de mis archivos infectados son solo fotos y video familiares, estoy desesperado, estan las fotos de toda la vida ='( …. esta es la nota de rescate que aparece, desde ya muchas gracias por su ayuda
    ——————————————————————————————————————————-
    ATTENTION!

    Don’t worry my friend, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-ll0rIToOhf
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    blower@india.com

    Reserve e-mail address to contact us:
    blower@firemail.cc

    Your personal ID:
    034OspdywaduiShdktrecpmTcuXM4gQ1VxOiWCronjaflECHMOiIWMEQKZy2r
    ——————————————————————————————————————————-

    Reply
  44. Avatardean i

    hi my files have been changed to FJLTS is therre a fix for this?

    Reply
  45. Avatardean

    all been changed too FJLTS

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .FJLTS

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    and this left in every folder on all my hard drives

    Reply
    1. AvatarMilena Dimitrova

      Hi Dean,

      Unfortunately, this version of GandCrab is not decryptable at the moment. You can follow our website for updates on the ransomware.

      Reply
  46. Avatarravee

    hi My files has an extention of 87a1 how to I recover it I’ve waited for almost a year now,
    please help

    Reply
    1. AvatarMilena Dimitrova

      Hi ravee,

      Can you give us more details about your infection? The extension looks like Cerber ransomware: https://sensorstechforum.com/new-cerber-ransomware-remove-restore-encrypted-files/

      Reply
  47. AvatarIsmael

    me paso lo mismo, mis archivos fueron encriptador por .promoz rasomware…alguien tiene alguna soluciona? (aunq sea de pago

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      More information about this ransomware is available here: https://sensorstechforum.com/remove-promoz-files-virus/

      Reply
  48. AvatarKevin

    Hello,
    I was hit with a ransomeware and all my files have the extension .local. Can someone help me?

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      Can you give us more details about your infection?

      Reply
      1. AvatarKevin

        Sure, all files have a .local extension.

        The name of the ransomenote is “HOW TO RECOVER ENCRYPTED FILES”

        And they want me to contact
        BM-2cUPRnXJRuFYKcDUCLugjrCPY58nrvHrAV@bitmessage.ch

        Reply
        1. Avatarkkeny

          Exactement le meme probleme mais en anglais ‘HOW TO RECOVER ENCRYPTED FILES.TXT”
          Tout mes fichiers son en .local
          Même adresse mail.
          l’id fourni est énorme
          help please????

          Reply
  49. Avatarmarcelo

    Hola, en mayo de 2018 perdí todos mis archivos, mas de 50 gb, y mis backups también fueron infectados con la siguiente extensión 2415599031.ransomed@india.com y CRAB.2415599031.ransomed@india.com.CRAB si existe un descifrador se lo agradecería.

    Reply
  50. AvatarAlamin Rahman

    Hello, My PC Effected By .IOPUMLYM Exctension and GANDCRAB V5.2
    Please Anyone Help me for Decrypted my Encrypted file and folder

    Reply
  51. AvatarFacundo Gil

    Hola, soy victima de veracrypt@foxmail.com, me encripto archivos con la extension .adobe.
    Me pueden ayudar?
    Saludos y muchas gracias

    Reply
  52. AvatarSanti JR

    Hola hace un par de meses me infectó un ransomware con extensión .missing, y a día de hoy aún no he podido descifrarlo. lo único que he podido averiguar es que se trata de una nueva variante del APOCALYPSE.
    dejo nota de rescate:(el archivo figura así: IMG_9345.JPG.Contact_Data_Recovery)

    Your computer was hit by ransomware

    Contact by Email for your data recovery.

    Email : restore_2019@mail.ru
    Your Personal Identification ID: ID_RESTORE_E1B5040FES

    We’ll provide proof of recovery and Data Decryption Software to you.

    WARNING: If you don’t contact us, your data will be damaged. If we do not reply, email from a different email service.

    Luego el archivo al cual se dirige citada nota del rescate figura con el nombre seguido de la extensión .missing

    Se sabe algo al respecto, ayuda por favor

    Reply
  53. Avatarjean

    hola necesito ayuda mi pc se infecto con un ransomware .promorad existe alguna aplicación para desencriptar mis datos gracias

    Reply
  54. AvatarTunmise

    My SD card got infected with uuuuuuuu.uuu and it created so many folders. My files are still there but i’m unable to open or use them

    Reply
  55. AvatarCristhian lesmes

    Buena noche tengo un problema con uno de estos virus quisiera solicitar su ayuda el virus es un Promorad2 ransomware, agradezco su ayuda Milena.

    Reply
  56. AvatarJijith J V

    Hi All my files have affected by .bomber extension is there any way to decrypt the same?

    Reply
  57. Avatarluis

    i got my files changed to .kroput files any advice to get it back?

    Reply
  58. AvatarIVAN

    holaa necesito ayuda mis archivos se infectaron por un virus llamado streamer que encripto mis documentos y les puso la extension *.promorad2 alguien que sepa si hay alguna forma de recuperar los documentos, gracias de antemano

    Reply
  59. AvatarCristobal

    hola yo tengo desde ayer uno que encripto todo lo que alcanzo en mi red en archivos compartidos con extension .KROPUT… habra alguna solucion??? me pide 980dls

    Reply
    1. AvatarLeonardo Rovira

      todos mis archivos infectados con la extension .kropun. alguna solucion para recuperarlos? gracias

      Reply
      1. AvatarMilena Dimitrova

        Hi Leonardo, here’s more information about your infection https://sensorstechforum.com/remove-kropun-files-virus/

        Reply
  60. AvatarGuido

    Hola cómo están gente…un virus me infectó mí PC y me cambio las extensiones a .promora2 alguien tiene info o como se puede hacer, muchas gracias de antemano.

    Reply
  61. AvatarGuido

    Hola gente…se me infectó mí PC y mis archivos de trabajo se cambiaron a la extensión .promora2 alguna solución o info de cómo recuperarlos…muchas gracias de antemano

    Reply
    1. Avatarronald revilla

      a mi me paso igual amigo, no has conseguido solucion? soy de Venezuela

      Reply
      1. AvatarGuido

        Nada aún, sigo buscando soluciones…me avisas si encuentras algo… gracias

        Reply
  62. AvatarCarlos

    En mi laptop, memoria usb, y disco duro externo… se infectaron con el promorad2… como puedo recuperar mis archivos sin necesidad de formatear nada.

    Reply
  63. AvatarCarlos g.x.

    En mi laptop, memoria usb, y disco duro externo se infectaron con una extensión que es promorad2… como puedo recuperar archivos de mis discos extraíble sin necesidad de formatear nada.

    Reply
  64. AvatarRolando

    buenas tardes alguien me puede ayudar a recuperar mis archivos que tienen la extecion .promorad2

    Reply
  65. Avatarronald revilla

    buenas noches, fui atacado por virus ransomware que encrypta y deja extension .promorad2 tendrán alguna solucion para esto?????

    Reply
  66. Avatarrizwan

    my pc is infected by ransomware please help me
    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .GBYXADMGV

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    Reply
  67. AvatarAngel corso

    Buenas tardes por favor ayudaaa help me le entro ese virus a mi pc y todos mis archivos tienen esta extencion ( .pulsar1 ) aguien que me ayude a como resolverlo por favor

    Reply
  68. AvatarMarco

    Hola
    Mis archivos han sido infectados por la extensión .charck, hay alguna solución?

    Reply
  69. AvatarJOE

    Hola, necesito su ayuda todos mis documentos de mis discos(Archivos, fotos, videos entre otros) se han puesto con la extension . CHARCK necesito recuperarlos…… I NEED YOU!

    Reply
    1. AvatarMilena Dimitrova

      Hi Joe,

      You have been attacked by a version of Stop ransomware. https://www.sensorstechforum.com/remove-charck-files-virus/
      Unfortunately, there is no decrypter for it at the moment.

      Reply
  70. AvatarIvan Naranjo

    ME PUEDEN AYUDAR POR FAVOR, TENGO INFECTADOS MIS ARCHIVOS, ESTAN CON UNA EXTENSION .pulsar1
    agradezco mucho si alguien me puede ayudar. gracias Iván

    Reply
    1. AvatarMilena Dimitrova

      Hi Ivan and Freddy,

      You both have been infected by a version of Stop ransomware which is not decryprable at the moment. You can read more about it in our article: https://sensorstechforum.com/remove-pulsar1-files-virus/
      If a decrypter is released, we will update the article with information. You can follow us for updates.

      Reply
  71. AvatarManhal

    hello any solution my files all get extension kroput

    Reply
    1. AvatarMilena Dimitrova

      Hi Manhal,
      Unfortunately, no decryption for now. Here’s more information about the ransomware: https://sensorstechforum.com/remove-kroput-ransomware/

      Reply
  72. Avatardaniel

    buenas noches tengo ransomware que me encripto todos mis documentos con extension .pulsar1 alguien que me pueda ayudar son documentos muy importantes.

    Reply
    1. AvatarMilena Dimitrova

      Hi daniel,

      You’ve been infected by https://sensorstechforum.com/remove-pulsar1-files-virus/. The bad news is that there is no decryption for it at this point.

      Reply
  73. Avatarimi737

    Zdravo , Hallo
    All my data hdd is infected *HXCNTD*
    Help…….

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      It seems that you’ve been infected by а version of GancCrab. Can you give us more details about your infection, such as ransom note, to tell you if a decrypter is available.

      Reply
  74. AvatarPool

    My files are crypted by .kroput,anybody knows the solution?

    Reply
    1. AvatarMilena Dimitrova

      Hi Pool,

      Unfortunately, no decryption tool is available at the moment. We will update our article (https://sensorstechforum.com/remove-kroput-ransomware/) if a decrypter is released.

      Reply
      1. AvatarPool

        Thanks Milena,but i did manage to decrypt 202 files from 4000+ with STOPDecryptor if that helps :)

        Reply
  75. AvatarPool

    Stellar Phoenix Photo Recovery will recover any photo or video,it doesn’t matter what virus ti is,that helped me,cheers

    Reply
  76. AvatarMajo

    Hola como estas. He notado la gran cantidad de virus ransomware. Hace casi un mes que estoy buscando solucion-. Mi pc fue atacada por el GandCrab v.5.2, bien nuevito…. Si uno compra el SpyHunter, recupera los archivos encriptados? o solo elimina el virus? Otra cosa, como hay tantas fallas de seguridad, mi bandeja de entrada de email llena de Spam. (yahoo y fibertel, no asi gmail hasta ahora)Muchas gracias.

    Reply
  77. AvatarLOURDES

    como restaurar archivos cifrados por ransomware

    Reply
  78. Avatarimi737

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .HXCNTD

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    —————————————————————————————-

    | 0. Download Tor browser – https://www.torproject.org/

    | 1. Install Tor browser
    | 2. Open Tor Browser
    | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5b768db9b0f8d3d0
    | 4. Follow the instructions on this page

    —————————————————————————————-

    On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

    ATTENTION!

    IN ORDER TO PREVENT DATA DAMAGE:

    * DO NOT MODIFY ENCRYPTED FILES
    * DO NOT CHANGE DATA BELOW

    —BEGIN GANDCRAB KEY—
    lAQAALG5rR06FGgc3Z3vHwAexWFvWe6pXKGNmTrUK3/IVnbXC4qekGu5jJZRWr1ycEWWR5+CS8XOrzOzYlWAAgG5fh9i8rcW/NGDy4yCmMzwweh1BadN1ey3T5/DDGcmTPE6y6YMQDEzBqKRrgbUMp3wkFZi8QH67l8laDuZQZtuqE/JCuhGA3knB6B2qkbkYo28Yz6c8cEGjLpN6QYf8MH70IIheuPxthDbuGDLGad9gsng4VujjJ4bPNcJoa+ppIRpiumz8Mkjuxec3nZ81aJE3q9AAfOrmeQvNtW7pvq983CkrfmFf1+9tttOn5xYJYXjfZu2CA+UnbJC3WAwYGMRAkjpqeQFSr2ShlUcgeihKOFFgFugdrHT0nbaxUbDVVgAfC46ScDU8Ro5g4EmPnDS1tS2IUr1RKQBOJxkNyWsbH/CcGt1zmsEfAZP6GHk+8qFVV/O4swwlRIkDGeWk676XQuIGOacH3LzmcT3eei9a5pKEFd0dNeA96JVv6OsK9UHiytpE9SyWohLP+dIfBm5MQi9jJ2yE7i1Rt9nD4D8cdQeKji67n9KZXpjJZliVoRsatamTWkK/+tGgfK+vZY4ob3d6BWl8XWtEvTTLwumWcd2AQcjzJQed2znUdIbjyPCZSe+bW/RCcKuX58TluN2CgOLVWHr/WpjfhEQiIBkk/bXQJsGLTQ3KcM1ZiRRUDutf7UtUkKWNM5OCY9weSYG3qVaCzk9YKVP5FRWbB+AijXkINuN/5alRNfnQ8z+cGEsMB8ss6nbdh6m6l9vEUTkIsbmfEco3sn4rCk+UrxIuAXXKCynPD8q08mHPYjCDCscMTlQ+3cS1tnWpMgC7I8QCQkkX6P6aGzZnLeS2zJ6ewzPlRxwm4e8Uez8RUrQpHT82geycigfblQWe1HnuKnQXeRY1712dt2sgtaoqBvy2xGI8zDnc/gXnvKATm+bdYLoMfYL587IZrTJEw1btpB6Dfr+q0UxPmIWdNIPGsLCSzFZFT1HZI5C8l2dgGJXH6k+LlYl3YalD010WeezH9WMb9yokNHmvzVoD5rDru9M9yNoh/AdzS5Y261c94COD2tGN74Yv+W+AhVI0TTDyA9h4XH0hdQSZbbA9WCGi8Ef/wUn5fbddEK0uOP75X3PZtOCvhdFRSd+7iKFG/6iqvVYnDtT7bsdD0Go3H4Fku3LtBJXmqCuyUsmYqW7rc7gNUvjpRYbFjk/ht19hsblmcytqhODto9X2DHJCpKwoZOOeyuTt/N7UT2It58LohD7OPuRaVXTt4r+tmBopQloYuNpwumKOEj3I0UIT9J5zUlYWdHaw9oQU6HbIGhQRZELsLjMjKZTHpT7MN2jhDVIWwLShEutYCbUSjT757t0ebSLXESrUVrWKuCvtRyFd9LGZDJ+x25R7oeMooFVKysdM4J4WTTYkEhvUCucrP8HrEgnd/7SAPn2MuI7lXbYvOMH6CNYyOvCaNBlCQSX6jlbRdrDRVk6srSd+L4edc8vB7+uVGO+Pt1GY6YV8rrot6JQS2NS9ht3tHui3nk6Uu8+aztnJE6CdRXXXs7PctftNZneRIaZJghTuYDWHgBqoXcJ9tBjt07lEElJRgmRAV7WGgOj9psIysujQpNJUVL9olbR6eikNuulxTgtQK2vLD5LuNv6G9AyB3A/Qdh1E5pGG0dy9gZ6JMtfXJOcR7ud0N3eDCxOoXGkKpi0ocxQ2TRkChvIMxyHwsvQWuKyioVqPn1yovk5LZmwXYiWCsdItGhN9rwvoBR1QPqgn3n/MTv8E1P8Lw24amHWNUBKZTfbVRYwpxY4gHBHcKBxWJL7Zb6vcTRFPBvXNwWyrV3Z68GHMTt351fRG2y5yXGNuHYctNa61IJc/QEiDYlbE9NorWcWaEQO0hRixsYhPDSM1quHTeIsR04tMWnmjXV4UMjYJmNETuS5HKp9semkleUSaMhsB4ThCZaafqe2Jjj+22oQP3OhpVUVK+QOniuFFp5DJG3p6XT8i2Ouxm8lpp7KvVboVO8ZpyrpHGTJt00WvSTjeFgc4jZj3yMy/TP76BeRNdx97bn0KNOsLMV7uK+ounggIdx3+eznL/7Tyuc2sr7cG7F08TwG3LtsaSA83KJ2An7SrKqBw8T+elO7XwKGqtsBsEnM3vnEklN+8qVdlJoTRl/x4JRU6mtlIeUJcyXV1R4ZE+vWI22V8C2GMyasSFKgktc3u8IRllAglXdYokZJEQTTeNQyGjE=
    —END GANDCRAB KEY—

    —BEGIN PC DATA—
    7ftDEgLb/ZS0lcmZbHM61LvJzQOaD5cK2A6MbtAgbXYAWLQC95+cYAdxMWD/9MbJPZC3AvSVpuCmRVvIb3Q4Qz+a8bP6zo4STehtaoWXs6bpGMopS0ugInags8QTqn3soEgwXUJiM8FeiUr/tVKOWpBHJSOrMqL70iY+O9M3k2aL0KcRQ/oDEurBgtkSstyHBvUdIJN0TYNZA3s0F67PDOtF+yPcB5smbLF7Z+3MGN3xgF72rZ3ZUwt7wdxWWO4yn4Wp5y5HC3KrMJiBlVDzeiqo9FrdnMKZ719GSVfO+TAimLr7s4CuGAspCajqRTwVfPf20xBSUiDItL+JL9AKBiJqpsZqR7K3OLGemdSR2keIP43y//MxLLTjT6O6r1xW4eZxTzPJ1fbDL0900Pf6S0az7KAroTHFqZ2NPDKx6yhBud7oMVoK6ieVzOm2qBlvYbwCrtoyoy8A1fmlVjmS7q94BOw8gSWwQ0zSb+QfwNw4LR2j3Li9wF7i8DPfKPyghI2WWKL+6QkQvCyii4FeEv9EqiMxANjhx9QXIE31U0GeyeGMa50B1gs//OQPexoE0nTuCpvrA9c9PD6VRsopLqob8QmecC6V+7DIEcqsE7TRnIeaZEIlb4A05VHMc2nS0KJeDErFmIGkqFpw2EbRxIzGl3VEm8DKGvMCEuydIpiQzgJfQrpB71s2/1/ZdDB8r5KiQFhjqF1/yoXwoFyOuqdBYA56yRhuMMZxGB5sV+B3uzvqG6fuaplMs3UQDWsYCcS6Le3Uxn/maKAeNd3QiFB7RdqsfCI9+d2XxPVJsuoXhfB2B0kLztEkOcK3e/qYaj0JwNTW5DnfJK2n5OfHK1Pv1icGnIlS
    —END PC DATA—

    Reply
  79. AvatarGustavo

    hola mis archivos estan cifrados por una extension.CHARCK, me pueden ayudar a resolver mi problema?

    Reply
  80. Avataruncut

    Hello

    My computer also infected by ransomeware and most of the files extensions are renamed as .doples, are there any ways to decrypt them? Million thanks.

    Reply
  81. AvatarRachael Leigh

    Hello

    My computer also infected by ransomeware and most of the files extensions are renamed as .[mrpeterson@cock.li].GFS are there any ways to decrypt them? Million thanks.

    Reply
    1. AvatarVencislav Krustev

      Hi, besides the [mrpeterson@cock.li].GFS, do you see something else, before it, like:

      “ID-9238H23B. [mrpeterson@cock.li].GFS”

      The reason I am asking Is because this could be a variant of Dharma ransomware.

      Also, do you see any ransom note or other type of Readme file with ransom instructions and if so, what’s the file’s name?

      Reply
  82. AvatarAngel corso

    Hola mi pc esta infectada todos mis archivos tienen la extencion PULSAR.1 Ayudenme como puedo desencriptarlo

    Reply
  83. AvatarChristos

    Hi,

    I have also the [mrpeterson@cock.li].GFS issue.

    Any help regarding removal and decryption?

    Thank you

    Reply
    1. AvatarVencislav Krustev

      Hi, besides the [mrpeterson@cock.li].GFS, do you see something else, before it, like:

      “ID-9238H23B. [mrpeterson@cock.li].GFS”

      The reason I am asking Is because this could be a variant of Dharma ransomware.

      Also, do you see any ransom note or other type of Readme file with ransom instructions and if so, what’s the file’s name?

      Reply
      1. AvatarChristos

        Hi Vencislav,

        1. Nothing before that

        2. Yes, there are ransome txts all over the place…

        Any thoughts?

        Reply
        1. AvatarVentsislav Krastev (Post author)

          You have been infected by a new version of Gefest ransomware. It is still pending decryption so when a decryptor is released we will post it with a link in this article:
          https://sensorstechforum.com/remove-gfs-ransomware/

          Reply
          1. AvatarChristos

            Thanks.

            Hope that you will find the decryptor soon1

  84. AvatarJuan Domingo

    is there any decryptor for this .GMPF virus? i have all my files encrypted with it on an external hard drive but i have no idea how to recover them. can u please help me? thx

    Reply
    1. AvatarVentsislav Krastev (Post author)

      I think that your computer has been infected with a new version of this ransomware: https://sensorstechforum.com/gmpf-virus-ransomware-remove/

      We will update this article as soon as there is a decryptor available.

      Reply
  85. AvatarChristos

    It seems that my messages are not getting through.

    So, (a) nothing else before [mrpeterson@cock.li].GFS and (b) yes there are ransome txts all over the place.

    Any thoughts?

    Reply
  86. AvatarBOnbon

    My files are all infected by luceq , encrypted files extension is luceq
    Please suggest any decryptor if available

    Reply
  87. AvatarABDO1430

    Hello
    My computer also infected by ransomeware and most of the files extensions are renamed as .[.chech.xejgsuypc.chech ] are there any ways to decrypt them? Million thanks.

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      It appears you’ve been infected by this ransomware: https://sensorstechforum.com/remove-chech-ransomware-files/

      Reply
  88. Avatargerra

    I NEED .GFS files decrypter

    Reply
  89. AvatarPierre

    Hallo, nun hat´s auch mich erwischt:

    “GANDCRAB V5.2” (alle jpg avi mp4 mp3 pfd etc) haben jetzt .zaciox Dateiendungen und sind verschlüsselt.

    Gibt wohl noch keinen Decryptor, oder? :/

    Reply
  90. AvatarIván

    Hola, mi pc ha sido infectada con el virus DHARMA, y mis extensiones han sido encriptadas como archivos .ETH
    ¿Hay alguna manera de poder desencriptarlos? Necesito mi archivo de Outlook .pst urgente.
    Gracias!

    Reply
    1. AvatarMilena Dimitrova

      Hi Ivan,

      Unfortunately, there is no solution for this version of Dharma ransomware. We will update our article if a decryption tool is released https://sensorstechforum.com/remove-eth-files-virus/

      Reply
  91. Avatarmalick

    bonjour,
    Mon pc est infecté par un ransomware avec l’extension « .promos ». Tous les fichiers du pc sont cryptés ainsi ceux de mon disque dur externe.
    Merci pour votre aide

    Reply
    1. AvatarMilena Dimitrova

      Hi Malick,

      You’ve been infected by a version of STOP ransomware – https://sensorstechforum.com/remove-promos-files-virus/. Unfortunately, for now there is no official decryption tool.

      Reply
  92. AvatarGuido

    Buenas noches gente, alguien pudo encontrar una solución para desencriptar archivos con la extensión . promora2
    Gracias

    Reply
  93. AvatarFelicianus Roni

    My PC got infected by [mrpeterson@cock.li].GFS and all files are encrypted by this extension. Is there any decryptor available to decrypt the encrypted files.

    Thanks in advance

    Reply
  94. AvatarBeto calderon

    Buenas noches, tengo un problema con un servidor que fue infectado por el ciphered, hay algun descifrador que me pueda funcionar, tengo una backup de postgres para poder liberar, muchas gracias por su aporte

    Reply
  95. Avataralberto

    Hola, para archivos con .ETH existe alguna solución

    Reply
  96. AvatarEd Sullivan

    I was infected on Nov. 29, 2018. The encrypted files end with the extension .RYK. Is there any hope of getting these files back?

    Reply
  97. AvatarAna

    Hola mis archivos se infectaron y se agregó una extension refols.
    Existe alguna herramienta que puede salvarlos?
    gracias

    Reply
  98. AvatarElio

    I was infected on Apr. 4, 2019. The encrypted files end with the extension .refols. Is there any hope of getting these files back?

    Reply
    1. AvatarRaghda

      Me too

      Reply
  99. AvatarAtif Mahmood

    Hello sir,

    my files got .grovas extension. I tried some data recovery software but these softwares recover encrypted files instead of recovering original files.
    Please help.
    Thanks

    Reply
  100. AvatarDaud

    Please Help me

    My computer also infected by ransomeware and most of the files extensions are renamed as .[.tronas ] are there any ways to decrypt them? Million thanks.

    ATTENTION!

    Don’t worry my friend, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-hK4tAv2Ed9
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    merosa@india.com

    Reserve e-mail address to contact us:
    merosa@firemail.cc

    Your personal ID:
    056dhfgrtycbnalgAGsHWxzelVxa0mbMD7wO0Q0b160JGHBy0OlE6ja

    Reply
  101. AvatarMUNIR

    The encrypted files end with the extension .gjlxe. Is there any hope of getting these files back?

    Reply
  102. AvatarDarryn Reeds

    Anyone know what this one is – Only hit one netword hard drive used for downloading and storing media:
    What happened to your files ?
    All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.

    What does this mean ?
    This means that the structure and data within your files have been irrevocably changed,
    you will not be able to work with them, read them or see them,
    it is the same thing as losing them forever, but with our help, you can restore them.

    Reply
    1. AvatarMilena Dimitrova

      Hi Darryn,

      Can you send us further details about your infection? Please contact us via email – support [at] sensorstechforum.com. Thank you!

      Reply
  103. AvatarDarryn Reeds

    Hi Milena – I’ve sent detail in an email.

    Reply
    1. AvatarMilena Dimitrova

      Thank you! We will review your problem!

      Reply
  104. AvatarLuis

    Good afternoon, I have been attacked by a virus called “nampohyu” and I can not see or edit my files, any tool for disinfection?
    Thank you

    Reply
    1. AvatarMilena Dimitrova

      Hi Luis, here is more information about the ransomware:

      https://sensorstechforum.com/remove-nampohyu-virus/

      Reply
  105. AvatarAtif Mahmood

    please help me too….. my comment is above

    Reply
  106. Avatarmartin

    good afternoon, got files infected with “.kaedsgbr”
    does anyone know how to recover this?
    Thanks

    Reply
  107. Avatarmartin

    The grandcrab v5.2 attacked my laptop and got the .KAEDSGBR extension in my files.
    Any idea how to recover them?
    Thanks

    Reply
  108. AvatarFarras G

    Hello, My PC Effected By .browec Exctension , anyone please help me

    Reply
    1. AvatarMilena Dimitrova

      Hi Farras,

      You have been infected by a new variant of STOP ransomware. We are working on an article, so stay tuned.

      Reply
      1. AvatarMilena Dimitrova

        Hi again,
        Here’s the promised article: https://sensorstechforum.com/browec-files-virus-remove/

        Reply
  109. AvatarFeguino

    Hi, all of my hard drives got encrypted by gancrab 5.2 and I have tried many things and seen lot of tutorials to get my files decrypted but it wasn’t possible. If someone knows a way, please let me know.

    Reply
  110. AvatarJohn

    Hi guys. I desperately need help. My computer files are locked by ransomware. Filename now changed to .id-5D33294E.[decryptyourdata@qq.com]. Any help is greatly appreciated. Many thanks.

    Reply
  111. Avatarivu

    guys any solution for .norvas extension?
    STOP (Djvu)

    any decrypt software available? please i need help

    Reply
  112. AvatarWira

    Hi Milena,
    My laptop just got Grancrab v5.2

    here’s what TXT says :

    —= GANDCRAB V5.2 =—

    ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

    Attention!

    All your files, documents, photos, databases and other important files are encrypted and have the extension: .GKONVWPZSS

    The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

    The server with your key is in a closed network TOR. You can get there by the following ways:

    —————————————————————————————-

    | 0. Download Tor browser – https://www.torproject.org/

    | 1. Install Tor browser
    | 2. Open Tor Browser
    | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/3a3b3d4da4ed05fe
    | 4. Follow the instructions on this page

    —————————————————————————————-

    On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

    ATTENTION!

    IN ORDER TO PREVENT DATA DAMAGE:

    * DO NOT MODIFY ENCRYPTED FILES
    * DO NOT CHANGE DATA BELOW

    —BEGIN GANDCRAB KEY—
    lAQAAAZ0eV0htBBzATPZz/UKOECfCBqXFPicOdyBgxWQ7EFZEEls+UHMTebpH30xUKQSitaF5Hm24p9iKLE1bHeYXD0Q9WZ8HIwaAK943NAUdflI7R6xs44vfh+lVL1YTFw+rL3l73juWi3hjN5BoeiAyWCfE4LPI6sot6DvyOrvy5BuRrECDi1l8J7FiBG4JNANP9qjw4CwrlF3+fazZrRdnns/gJWWwDMjZIunhnU52xv5hegC8sGkyUCW+Dmp/+33T2xZWBUL5j3gSeOiIaNxXq8aJUZH+ciy4XIz/evOv8YAEvDyXftIR7mCssRRnyAvIp5gDYXv0l9hqJGd+iHbGqkFcxXXDF5AE0g/KvVcaB66k4g8el4f/wVluMi7n1ZgcZSMOlBnN5elOrNssxOVtdbYEMqPrK837MVIRNgGSuRS2CQ01COUg68VCHEuSEvcb6/dCpUWX8DSkGgF5IFiUkXycIkRyaOQh9nMI+wlLI4KUa2eysNL7OkE4piQwx7VQO11MspiE3nYzZulO6dVh/0jHtS2qR+zH1qSPbD2PFKZiiAY9X9HRt2/QF+mjEof6tVW4aE4ewk3ndfs0nGx8quSP4Mwkh4Xe+GxQLl1q4Pg5mEm83H1R+4eZoW+mV7rL4knpWTAGk7rXY8BiWrZUOrdajl/T8hyqy/zd3M+WsNDssVrBzwEFbMMdPnoNeVtP5hCGlf3xmXvst824FjUktG09pJuNor4aXLBy8qB/dxdJfMfLR7vVRMK2C3yyVTUvQpC9JF+qLee8ZGc4WsCNooh44omwCbnFLPCcVP8eUKm5wPtzLpJNOhjZ/Q1+Uw6s/3Wgy6yhpBQRTduA+71NbnqIRVv0Oa687OVfJWOWymmFQj1AEi/PnZezS+DuWOdnPcZfe7U+cAARv8zcjqegobHKx9S8vtXfzAbTXuSZFA2IeJOxm76hpZfZD2qGhFLJSYuZcs2rqvVxFsrJEwhYin05x/K/jZN40S4McpkPutRmcTrlRBICMonJlXgDhP/onoZ6BD0Gyg4yd/R+2ggVtC6sqaxmJ+mvvw7eQP/tKIwkLAOSo+LPdEYRuF0Gs57KD7j08L6oLnwx4uAlVN4LfZj190psAUlesDUxQUlx4sVWTdFA/jeu19XBOfm+vvoijtK/6B1Yng4LKKVKeIYZOosxqk30tFW7kMj6bz3irXJfCNpCgL09aogDVuh82BsQhKlomg+Ck+AZp+ddzA4CndsOHspyZY0mPN0XtBuvguQn+Q5cQs15eF1kk98KF6Cww+QwA4gE0TPacqp+7E+9JYtc6pCy21OrGbqwTRkE0G4k37eMEXHS0OCXh+JoXLDK7jED8zFStuK4SQGwH87N7+mexjitvN8ZAXLvV2xWmYMyw25nPANv0zmgb8qWDLZSFjCBklHDsgfpQ6z+IuEOAe7d/yJ1UOhcoqHDOQ5w4MzE5TH9jrTvy0QNg9ygDj+e9hWsYXP0NXda7EcEJF8ZsE890x2qg+W3ivpODul3viCDWM12EZtc1VwS/mIkOeQoewtzvtmPnVFB3dE2vyWxcF1OLrnQjTc6+UCYyjlADEjfAyJbg1I2wX//dwNfNwWD4Y+snS45/AxVY7k8TXsPWHCz+Q4rQAHp+E8q9Vptrt8DJfSalzJX3qHZIBHmWvXg4H4JYhAuVpZPW8n1U2B5ldgla0Fh1TtU6Ve9ZkAN48iJGdisD1DXsyHk2u9WZjSWxDwFvTiIc1oKjKgm+TT6WG+VoNU+yCcyq3sbNUwJ1pHw7RIbuHF4VihOamGRia5PHoh4q68FDDejiMOxsRT8RwKrH7dXK6aDHzCtGSbISjlQ3ps+Hjeneq4Q5+LGQ3jyYqOgLGIEM55AeWdghjNTeaZEx7gfqSiUaqmqqv6bdHFJln19zMtgNzOF0xD1+ouvGnmtcLc4jw7wqoWz4B5VGB9i6FudGNskiwHowznJmJ+Y9uRI+XXx7g1zH+bTqWvNssenT1LfRyMBogC3BInWimdOFAEDG1TEiNJ1ZIsmx5AKpt+YoPbeRYHDANd/ZomsxL01ZWHeSyO/gSYsLdnQNYPFmJ0Q6wEdb8p1TAWIY29mYRLYh1Fpq1KGG5IImmQwmfLVij+ZHjypiqkKPACPYwneu54jbdjmR4eQZ6Gsz9XtSKuQ6L1Sffgl947J2MD2u7YgJFpYeGHk5Br6tmwRieTCiog/sQ5oBbGbZvnx6E8voLii7P4BD0bC3V5QxQPSdeCTr8=
    —END GANDCRAB KEY—

    —BEGIN PC DATA—
    7ftDEgLb/ZS0lcmZbHM61LbJ5QOrD78K2A6MbtAgbXYAWLQC95+cYAdxPGD39NfJNZC3AvSVpuCmRVvIb3Q4Qz+a8bP6zo4STehtaoWXs6bpGMopS0ugInags8QTqn3soEgwXUJiM8FeiUr/tVKOWpBHJSOrMqL70iY+O9M3k2aL0KcRQ/oDEurBgtkSstyHBvUdIJN0TYNZA3s0F67PDOtF+yPcB5smbLF7Z+3MGN3xgF72rZ3EUwh72NxaWKMyroWv5y5HQHKtMJ6Bp1C3eiyo81q/nNiZsF8GSUzO8zB1mOD75oCzGAcpOKjwRTcVLPea0xhSBSCXtLmJKdAJBnBq/8Y6R7W3ZbHMmdGR2kfVP8/ypPMxLODjVKORrwJWw+YFTyjJqvbBL1l0uveLSzuzh6AsoTfFqJ2FPDSx6ihDudroK1oI6iCVzemgqBFvYbwKrt8yoS8F1f6lXzmN7tp4DOxOgUCwX0ytb+Yf1txSLW2jqLjSwFri8TPXKP2ggo2XWKT+5gkLvCyiiYFfEvhEtSMwANrhxdQRIEb1UEGbyfSMGJ0C1n0/geR7exoErHT3CuvrYtdAPEKVL8osLq4b8wmecCyV+bDAEdKsHrTanImaZUIqb5k071HAc27S0qJYDEjFjIHSqFZwrkaoxPjGmnU6m9nKYvNqEp2dXpj6zgRfRbpC71g26F/SdD18r5KgQFNjrF16ypzwu1zyuq1BFw4LyXBuRcYDGHRsVuB+uynqR6e5apBMsXUeDWYYGsT7LbfUl3+JaP8eZ93ZiFR7QdqtfCI97N3TxLxJiupehd92IUk9zqkkSMLGe/yYdD1dwIDWoDmEJPWnvefCKwjvjydFnNFS+UC8uMJ2OEuUY4im4bC4pFh1PKMdocIIMVHNSiuljM5atLVUtveokNxYVn1oo84bQY8icmg97wv6B922CjhdeBucwZMdVSGaL80KTREDeZesAqtbG6ipmfSgPyWMYwOJrrF9NPJ0rIe6Pg==
    —END PC DATA—

    Any chance how to decrypt my files? i just lucky it happen quick but i saw it and disconnect the internet and remove it using loaris trojan remover. so it’s only effecting some folders not all.
    Please let us know what should we do to decrypt the files back to normal.

    Thanks a lot Milena !
    Greetings from Indonesia

    Wira

    Reply
  113. AvatarKit

    ANY SOLUTION FOR THE FILE *.NORVAS” AND “.ETOLS” Extension?

    I’m really in trouble..
    ————————————–
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.norvas )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.txt )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pdf )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xlsx )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xls )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.jpg )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.docx )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.doc )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.zip )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ttf )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ppsx )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.MP4 )
    No key for ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pptx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.norvas )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.txt )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pdf )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xlsx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.xls )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.jpg )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.docx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.doc )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.zip )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ttf )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.ppsx )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.MP4 )
    Unidentified ID: a6O73oLJl0WDKZZiiIi16sXgsZpPrZGnunxnaffu (.pptx )
    MAC: 14:2D:27:26:13:F7
    MAC: 00:00:00:00:00:00:00:E0
    Decrypted 5 files, skipped 2987

    Reply
  114. Avatarnabeel

    i have all my file extension with .verasto !!! i installed a clean copy of windows in C: but my other separate drive that i have kept for back is all still infected i want to clear that ” .verasto ‘ extension that is show up any solution?

    Reply
  115. Avatardhs

    same with me..need help

    Reply
  116. Avatardhs

    I need help to overcome the virus. norvas, does anyone have a solution?

    Reply
  117. AvatarAri

    Can some body help me with this extention .guesswho to decrypt my file, Thank You

    Reply
    1. AvatarMilena Dimitrova

      Hi Ari,

      Can you give us more details about your infection? You can send us more information on support [at] sensorstechforum.com.

      Reply
      1. AvatarAri

        all my file become extention .guesswho

        xample my file :
        HFKO2QUQAS.guesswho

        this information :
        Hello, dear friend!
        All your files have been ENCRYPTED
        Do you really want to restore your files?
        Write to our email – rapidka@cock.li or notnepo@cock.lu
        and tell us your unique ID – ID-94PB343W

        Reply
        1. AvatarAri

          this link xample my file extention .guesswho
          https://drive.google.com/file/d/1ZtvTX6MmOVjBaqDA_Ou1EQjIStEvqlrD/view

          thank you..

          Reply
          1. AvatarMilena Dimitrova

            Hi Ari,

            Unfortunately, this appears to be a new ransomware, not much is known so far.
            What have you done so far with your infection?

          2. AvatarMilena Dimitrova

            Hey Ari, we created this article https://sensorstechforum.com/remove-guesswho-files-virus/ which will be updated with more details. In the meantime, you can remove the ransomware using an anti-malware program but first make sure to back up your encrypted files.

          3. AvatarAri

            Hi Dimitrova,
            thank you for your respons, i am very confused because my server backup infected too, now i am start fron zero data..but my encrypted file still keep it.

          4. AvatarMilena Dimitrova

            Hi Ari,
            Do you have an idea what started the infection? Where did you get the ransomware from?

  118. AvatarJuan Vargas

    My files were infected with verasto ransonware. Is there a solution to recover? Any decrypt software? Thnks

    Reply
    1. AvatarMilena Dimitrova

      Hi Juan,
      This appears to be a new version of STOP ransomware. You can learn more about it here: https://sensorstechforum.com/remove-verasto-files-virus/

      Reply
  119. AvatarAri

    Hi Dimitrova,
    thank you for your respons, i am very confused because my server backup infected too, now i am start fron zero data..but my encrypted file still keep it.

    Reply
  120. Avatartakewa

    Hi, I have been infected with morsea virus on the whole machine and leave me a message if you want to return my files sent a sum of money
    What should I do

    Reply
  121. AvatarMark Anthony Pelegrin

    My files were decrypted by kiranos virus or i believe STOP ransomware. I cannot open it anymore. I tried removing the double extension but to no avail.

    Ex. wordfiles.docx.kiratos to wordfile.docx.

    Please need your help. Important family files to be retrieved.

    Thank you for your immediate response.

    Reply
  122. Avatarfrizol

    Please help. All my files have been infected with ransomware and all of it has an extension name .TODARIUS

    Reply
  123. AvatarAgung

    my computer was infected by a ransomwire named VERASTO. The virus left almost my data & applications (doc, xls, pictures (pdf, cdr), music, executable) encrypted and the file extension changed to VERASTO. So far I failed find the way to decrypt the encrypted files.

    Reply
  124. AvatarAntonio Cardoza

    Hi, My files been infected with file extension n064h.

    Reply
  125. AvatarJUDY

    Hola mi pc fue infectada y toda mi.información fue encriptada. En todos los archivos me sale la extensión HOFOS. Como recupero . Alguien q pueda ayudarme por favor.

    Reply
  126. AvatarEni

    My files got infected with Phoenix ransomware, all documents encrypted. Any solution please, or a decrypter software?

    Reply
    1. AvatarMilena Dimitrova

      Hi Eni,

      Is this the ransomware that attacked you? https://sensorstechforum.com/phoenix-files-virus-remove/

      Reply
      1. AvatarEni

        Hello Milena,
        Thank you, yes it is: .id[4A792664-0001].[autrey.b@aol.com].phoenix

        Albeit, I am yet to find decryptors seen above that specifically decrpyts .phoenix encrypted files.

        Please assist further. Thanks again.

        Reply
  127. AvatarAhmed

    Any help about .Fordan ?

    Reply
    1. AvatarMilena Dimitrova

      Hi Ahmed,
      Unfortunately there is no decrypter for the latest version of STOP ransomware (.fordan).

      Reply
  128. Avatarterry

    hi is there any decryptor for a ransomeware .fordan

    Reply
    1. AvatarMilena Dimitrova

      Hi Terry,
      Unfortunately there is no decrypter for the latest version of STOP ransomware (.fordan).

      Reply
  129. AvatarCristiano

    Hello!
    All my files have the extension .fordan….Not working…..It’s a ransomware….Is there any decryptor ?

    Reply
  130. AvatarKamran

    Hello Milena,
    Thank you, yes it is: .id-721A22A5.[3442516480@qq.com]
    I am yet to find decryptors seen above that specifically decrpyts encrypted files.
    Please assist further. Thanks.

    Reply
  131. AvatarAdmir

    Hello, any decryptors for .bufas extension. It seems it has been online just recently and spreads fast. Thanks.

    Reply
  132. AvatarTanveer

    hi .. I got my files attacked with .fordan… ransomware ..I wonder if someone can help me

    Reply
  133. AvatarJohn Garcia M:

    Hola.. Mi pc se infecto con un ransomware que deja todos mis archivos con una terminación .forasom me puedes ayudar? Muchas gracias

    Reply
  134. Avatarzeeshan

    My pc attacked with .bufas virus extension , if anyone know the solution how to decrypt them , please help me

    Reply
  135. AvatarVibhanshu

    My files got attacked by .dotmap ransomware.Please help me anyone to get rid of this…

    Reply
  136. AvatarJames

    my files are decrypted and the extension is .hclqephnq
    how can i decrypt them ?
    please help i am desperate………..

    Reply
  137. AvatarXaris

    My external hardrive got infected by ransomware virus and all my files got .radman extension in the filename and they doesn’t work anymore… please help me resolve this issue.. most article that i have read are for pc and laptops.. how about external hardrives or usb?..please please please help

    Reply
  138. AvatarMikhail

    my files are decrypted and the extension is .locked, .locked2, .locked3
    But if rename files – totalcomander asks for a password
    files 7zAES:19
    how can i decrypt them ?
    please help

    Reply
  139. AvatarMiklos Alin

    Hello,

    Can you help me?
    The extension of all my files were changed into .i1n7y95pm6
    How can I have the files back?

    Thank you for your help.
    Best regards,
    Alin

    Reply
    1. AvatarMilena Dimitrova

      Hi Alin, can you give us more details about your infection?

      Reply
  140. Avatarallen

    my files were infected and changed to .uvwfn and .roaqonoe can you help me with this?

    Reply
  141. AvatarHallder Hans Ramos Martel

    Hola Milena Dimitrova, mi computador se acaba de infectar con el ransomware con la extensión .DOTMAP, por favor me podrías ayudar, necesito esa información que esta infectada, te lo agradecería mucho

    Reply
  142. AvatarMiklos Alin

    Hello,

    7 days ago my computer got infected.
    It started with the files from Dropbox and then everything what was saved on my hard drive.
    The files were encrypted in each folder, I have all files with extension “.i1n7y95pm6”, a text file and a file with extension “.lock”.
    It asks me to follow a link and to pay to have them back. It also says that i need the i1n7y95pm6-decryptor app, they can provide if I pay the fee.
    Sadly, beeing a photographer, all my photos from last wedding were affected, so I’m screwd up.
    Please help, if possible.

    Thank you.
    Best regards,
    Alin Miklos

    Reply
  143. AvatarKevin

    My files are encrypted with extension of .a0cb

    Anyone able to help?

    Reply
    1. AvatarMilena Dimitrova

      Hi Kevin,

      You can refer to our support chat on this page: https://sensorstechforum.com/spyhunter-download-and-install-instructions/?nr=1
      Our experts may be able to assist you.

      Reply
  144. AvatarCiella

    My files are encrypted with extension of .DOCM

    Please help me.

    Thank you.

    Reply
    1. AvatarMilena Dimitrova

      Hi Ciella,

      More information about the ransomware: https://sensorstechforum.com/docm-ransomware-remove/

      Reply
      1. Avatariwan

        how to decrypt ransomeware .BLOWER

        Reply
  145. Avatarnabin

    Hey Guys what’s up ? my backup drive infected by a . REZUC Ransome virous. I tried to recover the infected files by POWER DATA RECOVERY and Steller PHONIX WINDOWS DATA RECOVERY but not working. these two software recover the file but same as a infected one with same name. (infected file name. jpeg.rezuc)

    is there any Solution for this problem? please help me

    Reply
    1. AvatarNiyal Nagar

      Hello, friend
      my data is also infected from the same extension .REZUC
      Please tell the solution if you got.
      I will inform you if i got something.
      niyal.nagar@gmail.com

      Reply
  146. Avatarjhoswal

    ! YOUR FILES ARE ENCRYPTED !!!

    All your files, documents, photos, databases and other important
    files are encrypted.

    You are not able to decrypt it by yourself! The only method
    of recovering files is to purchase an unique private key.
    Only we can give you this key and only we can recover your files.

    To be sure we have the decryptor and it works you can send an
    email wtfsupport@airmail.cc / wtfsupport@cock.li and decrypt one
    file for free. But this file should be of not valuable!

    Do you really want to restore your files?
    Write to email:
    wtfsupport@airmail.cc
    wtfsupport@cock.li

    Your personal ID: C596F821-01E7-AE6C-9025-74F883BF38C8

    Attention!
    * Do not rename encrypted files.
    * Do not try to decrypt your data using third party software,
    it may cause permanent data loss.
    * Decryption of your files with the help of third parties may
    cause increased price (they add their fee to our) or you can
    become a victim of a scam.

    Reply
    1. AvatarMilena Dimitrova

      Hi jhoswal,

      Can you tell us what file extension is appended to your files?

      Reply
  147. AvatarGeet

    In my PC all files are encrypted by .boston file extension and it shows this message everywhere:
    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-BTtULebL7F
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    gorentos@bitmessage.ch

    Reserve e-mail address to contact us:
    stoneland@firemail.cc

    Our Telegram account:
    @datarestore

    Your personal ID:
    099nHgSrtddgsDC8wRtYGBcyY3EID5WKqCqXmHWXfRi1IuCpGaki3

    Reply
  148. Avatarsavan virani

    Sir my files are infected with .pidon extension. I have tried Stop Decrypter but no luck.When do you think that the decrypter will be available.

    Reply
    1. Avatarshafiq

      My files have also being infected by .pidon extension. Please help to decrypt it.

      Reply
  149. AvatarDino Bribe

    hay, My files are encrypted with extension of .Truke
    do you have any idea how to get my file back ???
    thanks

    Reply
  150. AvatarJose Olivera

    Hi Milena Dimitrova,

    I see you are trying to help a lot of us with similar problems, the file extensions that are appended to our files. I see a lot of common extensions but have not found the one that infected my PC. Can you help me? The extension is .HBTOSE

    Warm Regards

    Reply
    1. AvatarMilena Dimitrova

      Hi Jose,

      Can you please send us more information? What does the ransom note say? You can send us an email at support [at] sensorstechforum.com.

      Reply
  151. AvatarKing

    Hi Team, can anyone help. files encrypted with .nusar extension.

    Ransom note:

    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-26O6Irjllx
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    gorentos@bitmessage.ch

    Reserve e-mail address to contact us:
    varasto@firemail.cc

    Our Telegram account:
    @datarestore

    Your personal ID:
    108bTddSKjtqXoxZBYibA1m4sRgLU28MuDKhXF3Gru7Uy0IKrP

    Reply
    1. AvatarMilena Dimitrova

      Hi King,

      Currently, there is no decrypter for .nusar files. You can try alternative data recovery methods listed in the article but unfortunately there is no guarantee they will work. Our advice is to be patient and wait for an official decrypter.

      Reply
      1. AvatarKing

        Hey thank you for responding Milena. Its very much appreciated. Hopefully i wont have to wait too long for a decrypter.

        Thanks again

        Reply
  152. AvatarJaja Azeez

    Hello,

    Can anybody help me?
    The extension of all my files were changed into .qbfubc
    How can I have the files back?

    Thank you for your help.
    Best regards,
    Jaja

    Reply
    1. AvatarJaja Azeez

      My pc was infected since December 24th 2018, but i was never switch on my pc since that. I thought it will be remove itself when i do not open for a long time, but it still have. So, i really need help on this.

      Reply
    2. AvatarMilena Dimitrova

      Hi Jaja,

      I believe you’re infected by GandCrab ransomware. Can you tell us what is written in the ransom note? There are a few other ransomware that use similar random extensions and we need more information to confirm.

      Reply
  153. AvatarAditya T

    My whole system got infected through ransomware and each and every file get extension .lotep . How shall I get back my files in original file formats ?
    Help me Pleaseeeeeeeeeee

    Reply
  154. Avatarmahmoud

    my lap infected with ransomware and each and every file get extension herad
    how to recover my data
    plz

    Reply
    1. AvatarAniket

      hii mahmoud,
      Try STOP decryptor it might be helpful to decrypt your files which are encrypted with offline key.

      Reply
  155. AvatarAniket

    my laptop got attacked with new ransomware and they are asking for money

    Reply
  156. AvatarAniket

    my laptop got attacked with new ransomware and they are asking for money what to do
    with .berosuce extension

    Reply
    1. AvatarMilena Dimitrova

      Hi Aniket,

      You’ve been affected by the latest strain of STOP ransomware. We’re currently working on an article with more details.

      Reply
  157. AvatarAniket

    Thanks Mam for replying,
    My files are decrypted now.

    Reply
  158. AvatarTendai

    my laptop has been attacked by a new ransomware, all my files ie documents , photos and videos are infected with a .cezor extention.Is there any decryptor for the cezor virus?

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hey, Tendai!

      Happily, you can attempt to restore .cezor files with a free decryption tool released by the security researcher Michael Gillespie. You can download the tool via the Decryption Tool link here. The tool requires a pair of an original file and its encrypted version.

      Reply
  159. AvatarHUMBERTO M

    HOLA, BUENOS DIAS!
    MI ORDENADOR FUE INFECTADO Y TODOS MIS FILES DICEN QUE ESTÁN EN UN TIPO DE DOCUMENTO ( .ACCESS ) NO PUEDO VER NADA.
    APARECIÓ UN MENSAJE EN MIS CARPETAS QUE DICE _README.TXT Y PIDEN DINERO PARA RECUPERARLO Y ME DEJAN EMAILS DE CONTACTO.
    ES POSIBLE HACER ALGO? ME DICEN QUE TENGO 72 HORAS.

    Reply
  160. AvatarRoman

    hola buenas tardes , en pocas palabra me sucedió igual que a todos con la extensión .Format……. se puede hacer algo con esa extensión?

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hello Roman,

      The Format ransomware virus removal guide linked below is updated to provide .format files decryption solution. Good luck!

      https://sensorstechforum.com/remove-format-virus/

      Reply
  161. Avatarmohd raahim

    hi I am Raahim from INdia My pc was hacked and all files were changed to .banjo by ransomware..please help

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hello Mohd Raahim,

      I’m sorry to inform you that this ransomware is not decrypted yet. So the best you can do for now is removing all malicious files like shown in the Banjo removal guide below and attempting to restore .banjo files with the help of some alternative data recovery methods.

      https://sensorstechforum.com/banjo-virus-remove/

      Reply
  162. Avatarmohd raahim

    hi my pc was attacked by a .banjo ransomware..please help in decrypting files

    Reply
  163. AvatarOla

    Hello my laptop infected with .prandel and all files on D drive encrypted to .prandel. Files on c drive are intact.

    Can anyone offer suggestion please.

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hey Ola,

      Make sure to try the steps provided in this STOP ransomware decryption guide. The free decryption tool was updated to support .prandel files recovery. Wish you luck! Tell us about the results.

      https://sensorstechforum.com/decrypt-files-stop-ransomware/

      Reply
  164. AvatarRoman

    Buenas tardes , estaría necesitando es descifrar los archivos .format ……… hay solución?….. esa informacion q me enviaste es para remover el virus no para desifrar , Gergana muchas gracias.

    Reply
    1. Gergana IvanovaGergana Ivanova

      Hi again Roman,

      If you navigate to the “Decrypt Files Encrypted by STOP Ransomware” link from the Fromat virus removal guide and then click on it you will access the following article – https://sensorstechforum.com/decrypt-files-stop-ransomware/

      It presents detailed instructions on how to download and use the free decryption tool that is updated to support .format files decryption.

      Reply
  165. Avatarraahim

    Hi Gergana thanx for replying…but can i expect after some time when the decryption
    method is available…? because as .banjo will too have a decryption method after some time..is it?

    Reply
  166. Avatarreji

    are there any decryption tool available for .guesswho randsomware?
    will it help if we have original and encrypted file?

    Reply
  167. Avatarcristian c

    Hola. Mis archivos tienen extensión .decrypt019 . Alguna aplicación para recuperarlos? Please…

    Reply
    1. AvatarMilena Dimitrova

      Hi Christian,

      Can you provide us with more information? What does the ransom note say?

      Reply
  168. AvatarRoman

    Hola y buenas tardes a todos , cuento un poquito mi experiencia , después de dar vueltas y pasar malos momentos durante 10 días pude recuperar mis archivos , los recupere usando mi ultima carta que fue pagar el rescate , al pagar no demore 5 hs en poder volver mis archivos a la normalidad , si son de mucha importancia sus archivos para evitar malos momentos concejo pagar el rescate…….. si hubiera pagado cuando me paso me ahorraría 9 días de sufriendo y tiempo perdido en tratar de llegar a una solución ……. solo quería contar un poquito mi experiencia , suerte con sus problemas.

    Reply
    1. AvatarMilena Dimitrova

      Hi Roman,

      What is the ransomware that attacked you?

      Reply
  169. AvatarSiddharth

    hello Sir,my pc got encrypted with .NASOH file extension is there any decrypter tool for free please help, the hackers have also sen me a decrypter tool link, please help.

    Reply
  170. AvatarFabiane

    Good night my computer was infected with the .nelasod virus, I don’t know if I had a ransom message because as soon as I saw the extension of the files change I took the laptop to the technical support and they just formatted the computer. Then I was very nervous because when I searched I saw that if I had not formatted I was more likely to recover the files. I have already passed Stodecrypter but have not recovered 1423 files. Below the message of the program, I hope someone helps me, are files of my work and do not have updated backup. Thanks

    Reply
  171. AvatarRoman

    .format

    Reply
  172. AvatarIAKY

    Hi everyone,
    My files were encrypted by the extension .MJT55IDJ

    and there is a text file which mentions the extension along with the link to website decryptor.top also there is a tor link for tor as well.

    I cannot identify what method for use as it seems like an unknow extension or it can be just an extension already used.

    Any help here would be appreciated. Thanks

    Reply
  173. AvatarEgroj

    Hola a todos,
    Alguno de uds ha experimentado o conoce de problemas de infección causados por el ramsonware .STAFS?
    Mi servidor amaneción con ese problema, y por razones obvias, no hemos podido trabajar.
    Les agradecería mucho cualquier indicio de ayuda al respecto.
    Gracias!

    Reply
  174. AvatarAniket

    My files are encrypted with .hese extension which ransomware is this? what should i do? please reply as soon as possible

    Reply
  175. Avatarsahil

    hi my file was infected extension is SETO plz help me to how to decrypt my file plzzzzzzzzzzzzzzzzz

    Reply
  176. AvatarAhmed

    Hello, my files have been encrypted with
    . meds extemsion, any decryptor available

    Reply
    1. AvatarMilena Dimitrova

      Hi Ahmed, for now, there is no decrypter for this variant.

      Reply
  177. AvatarAli Yasser

    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-ZFjRnJfc9f
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    gorentos@bitmessage.ch

    Reserve e-mail address to contact us:
    gerentoshelp@firemail.cc

    please find a solve

    Reply
  178. Avatarmoon

    hi my files are effected with .domn ransom ware. please help me.

    Reply
  179. AvatarFernando Solano

    Me infectaron con archivos terminados en @tutanota.com].actin, me remiti a una herramienta que tiene McAfee y logro extraer un codigo, imagino que es una llave, pero no aparece una ventana que debe aparecer para aplicarla, alguien sabe algo sobre esto?

    Gracias

    Reply
  180. Avatarmoustafa

    my infection is with virus called Kvag one of DJVU viruses if there is a solution for my files please help me

    Reply
  181. AvatarPrasanth

    Hi,
    My files are encrypted with .KARL extension. I need a decryption tool to restore my files. Can anyone help me with a decryption tool please. Thanks in advance.

    Reply
  182. AvatarRichard Frimpong

    my desktop computer is infected with a virus called “kvag” and i cant access my files please what should i do to recover my files.

    Reply
  183. AvatarDave Blake

    I tried the STOPdecrypt and my files state this:

    zb4VhvvuCVcmcaY5U1eYScU1Lgyp7LNTgrM27P7l (.meds )
    The Personal ID the hackers “assigned” me is this:

    Your personal ID:
    162Ad768734uygjdfgzb4VhvvuCVcmcaY5U1eYScU1Lgyp7LNTgrM27P7l

    How do I get my files back. My PC knowledge is minimal.

    Reply
  184. AvatarRakesh

    Infected by .MOKA extension. Text note is as below. Can I get any help?
    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-ZFjRnJfc9f
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    gorentos@bitmessage.ch

    Reserve e-mail address to contact us:
    gerentoshelp@firemail.cc

    please find a solve

    Reply
  185. AvatarVarenya

    All my files have been decrypted with .reco extension. Is there any decryptor available for them?

    Reply
  186. AvatarBachrul Arief F

    Hello admin,,please help,,

    yesterday i my server got YDHM ransomware from RDP vuln.

    could you help me to find a decryptor for YDHM ransom??

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      Can you provide more information about your infection? What does the ransom say, what is the file extension?

      Reply
  187. Avatarvamsi

    All my files are changed to .RECO extension..
    Is there any decrypt tool for this ransomware?
    please help me…

    Reply
  188. AvatarPaco H.

    Hola a todos. Tengo todos los archivos encriptados con la extensión .a107
    ¿Sabéis cómo recuperarlos?
    Gracias de antemano.

    Reply
    1. AvatarMilena Dimitrova

      Hi Paco,
      Can you provide more details about this infection? Do you see a ransom note, and if yes, what does it say?

      Reply
  189. AvatarManuel Hernandez

    Hola,

    Me acaban de aparecer todos mis archivos con la extension i8r6i

    me aparecio un archivo de rescate: i8r68-readme.txt. Abra alguna forma de recuperar mis archivos?. Gracias por su ayuda

    —=== Welcome. Again. ===—

    [+] Whats Happen? [+]

    Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion i8r6i.
    By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

    [+] What guarantees? [+]

    Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will not cooperate with us. Its not in our interests.
    To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
    If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise – time is much more valuable than money.

    [+] How to get access on website? [+]

    You have two ways:

    1) [Recommended] Using a TOR browser!
    a) Download and install TOR browser from this site: https://torproject.org/
    b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8A2BCC537C222A2B

    2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
    a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
    b) Open our secondary website: http://decryptor.top/8A2BCC537C222A2B

    Warning: secondary website can be blocked, thats why first variant much better and more available.

    When you open our website, put the following data in the input form:
    Key:

    1YmXlsfAPpVLGYh2A1ORFymHMxykuGioTJPbJ9U20rizJRCidOPYjVkTX7Ns3iqK
    H5Q60vT/3ZqHysKrrdrOZ3f4n7eEEEypn6mIXW2S4vLJTZFgkEySqd0VdGJrLJum
    AsX195SF7nKBHuJ+XvwEWaw8qOykzsPldRgTcoBLfs9HRxs+m9+g8luJDJsvkYkg
    FCnWMdJ6c3SJ5UqIdFUpv4Pjl55QGtaeQPrq3QdtcdPUpaC0GuHqy68Jzu+wm0lt
    slLa7udw7Dv72IEim6pVrfEwRBvxkFW+quZZjXaHyW5bWg20roW99JyzwhAUkwpi
    WF7J2zQSB4K7JP2l9/TvRHIXuhVGD+hzm0fHZf5RLeulkTDdJ0pHpP54WL3pzWji
    ZEYfMhVUW2NsQUNooguvtOCYVYAOlenJnbbCBhYWI/0quehkazK6AerzR4lKRoqq
    5p+jlpPvth5ZWCUYukQ5d6ns0sKrkJ2fSTS0OohDfDu/LhCY+/4wH9qoV6mYqRGp
    4GNvG1ESDKqP7Pe3CNorUA2oDuYlEZO36HyvvapOh3MGeafVArDTTE8ubiTmzLFf
    bsgPHi8U2Ld4A79GqIlUEfvr6yXuNMyxwj4ABB5r0i3nqyukSia0XS/e0rEJZwBb
    NGWe2IGr80Q7q5/JaH2cG4Rs+Iv88NBZgcG1556f6DURKS4tSmN1mUAEB/+X7PV6
    0F6Pe5SBPbRiUjISPInuieXmZ9mgY1ZR6hUWwY91sxmC4YHHAPE8HDJBYu/zF+mD
    ruLDyzmZyFlJBM8eS5HftzoVG6V7EUPoop6DopIZccVrmBQSIw1PiaJz8PaXbZSb
    X8pzlMWDQ7EhIbtvmBcsSt/5RPNUF6KJtNOP7m388a2Y09Skqc7rNmpRzpEINkbJ
    skg1WznzPDWD2GR4MLnNgELXkN5WdksjmVMaBKkj1s8K3UeWx+Pc+VOVWotz6Q0Z
    LMirhKtENr3XHg30uu0Tm4diLjiMhPDu6LqO103T2o+/Mj/2mF61f8oh3A+Pw7Ui
    8tQsrhpRga7g18tXliuLxyEIHXKZ8nduNIQv65H5M72NfxQEcwCrGV5/lrc+hDlf
    AX0C2Kt0QLKgB6qD5KR0bFPbt+0GL33WRpFIzApLFiIyPH8WxzmXgeQ90iJ0Nf75
    8maTMc9vJJG41cwZ0h54cNbQRzgq1BDd4Bqj8e3rbei7Eg==

    Extension name:

    i8r6i

    —————————————————————————————–

    !!! DANGER !!!
    DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions – its may entail damge of the private key and, as result, The Loss all data.
    !!! !!! !!!
    ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
    !!! !!! !!!

    Reply
  190. AvatarSoso

    bonjour j’ai été infecté aussi et tout mes fichiers sont devenus des fichiers .reco
    comment faire s’il vous plait,un disque dur entier de 300 go très très important.
    merci de m’aider infiniment

    Reply
    1. AvatarMilena Dimitrova

      Hi there, you can try to decrypt your .reco files using the STOPDecrypter: https://sensorstechforum.com/remove-stop-ransomware/

      Reply
  191. Avatardenis

    Hola, todos mis archivos están con extensión .NOLS , please alguna herramienta para su recuperación o vuelta a la normalidad.el virus ya lo borre pero me quedaron encriptados.. gracias a quien pueda ayudar

    Reply
    1. AvatarMilena Dimitrova

      Hi denis, there is no decrypter available for this version of the ransomware.

      Reply
    2. Avataroscar

      pudiste solucionarlo ,yo tambien lo tengo y estoy desesperado

      Reply
  192. AvatarJCB

    hola muy buenas quisiera pedir ayuda para recuperar mis archivos entro un virus a mi computador el cual solo dejo este mensaje ver si me pueden ayudar a solucionar mi problema.

    Attention!

    —————————-
    | What happened?
    —————————-

    All your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.
    You cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.

    —————————-
    | How to get my files back?
    —————————-

    The only method to restore your files is to purchase a unique for you private key which is securely stored on our servers.
    To contact us and purchase the key you have to visit our website in a hidden TOR network.

    There are general 2 ways to reach us:

    1) [Recommended] Using hidden TOR network.

    a) Download a special TOR browser: https://www.torproject.org/
    b) Install the TOR Browser.
    c) Open the TOR Browser.
    d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/eea40acf28e391b3
    e) Follow the instructions on this page.

    2) If you have any problems connecting or using TOR network

    a) Open our website: https://mazedecrypt.top/eea40acf28e391b3
    b) Follow the instructions on this page.

    Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use.

    On this page, you will see instructions on how to make a free decryption test and how to pay.
    Also it has a live chat with our operators and support team.

    —————————-
    | What about guarantees?
    —————————-

    We understand your stress and worry.
    So you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!
    If you have any problems our friendly support team is always here to assist you in a live chat!

    ——————————————————————————-
    THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU
    —BEGIN MAZE KEY—
    oQlD+jTjobiNN1NyBzSArSZ4ifotDCWLVCEHTYHCj7nVEK99O/kKO+7jL8/NOIl808wJA4818Pl6xX+vQP8wPE+uGQTrpgn2mxr96YnzQHYGBb/2YhTS+QpsvNO3kkoQEaxiNIHJ2/kiSBfhqq54ogv+Omqhmb9N4SXDtorh//AvyklCQEx+9vP7SLILPpTrJ0v6wXrFyy2KwQwAwA+sT6ewe7dABq7puzG2NmxUza+1JZAEQPW9R/nU8BUb+M/n8JlC5vii3L07pGpg4j2NupacJVjBsw7LleuDMjLgNpBhrKa9Z9kj6k3KdNtgfS168erCHHh45kUBB8oZDO7b1WL5NLAIj+hSfEPfzJTk2Jy+lBoc8zz9VrUJi4V88VRw92kTeTlCN6V13iOR2l55V82TMyafkaHkgjaRChok9s1tjrW1nvaiqBgiITSndHpfbwNtgm74B+UYsyz7LMh/IPRgB9DixFQ8uIu+DXIqgVI30trEJ2/ErA4VJpP9peKv4IvbT4GDmatqc3Ct6Ef/2kLMU11hLx2iU6ftSSSp/PHksqceWgl7zxI76n8AhnkL8gyd+rqPzWrY2d1svpxy/vEmlvcvDa7TU2G7a02tQKzGUXpkHw3iiOI9SLEuVLZqkfKzsjeybkX54lxcHey7DJY2hEfSch7et0RqIOp5eQ/OQmAghSNzI/u2OkVLXZVbKMELlUWfw4y2RqB3QY5JdaVR4lkY8srMjtd/ABpgPn0GDReVkStOO4fZTQYUBZhIHndmx+j9xFG/3ThKbomUtUgD/F1KYyhZ6rMGmVe1drZxsDNcZKV6WvplWWNGZwYVb97FLWicwKPpFOfbA75NGGTGn8nIXb1BW9EohCmEceoRJpJV2dtZSh+b8ht1b7VwF//01d8aTAECRjyWK70HPsNn3/qyNTor7lhxpOEz75QlUK32faEV+XfGT0YvM94En45Xm3M7en0wrNXDQIv3/L1iR5goHoqoh8R4qQOk7AzOdYA83Ke79o5+VdIhxLd5RFlSChk9Tj3ZT84SOnI4DIlwcNO+Jl+FDGDqiwITNVvoEU/SyzdHpO9RPYqzOAf95OOSakcwEpu03rW3zSKvor3v0tE/6Y6gzOS5LLkrSoanx9CZmjmptfj3n3BLDEHSUf+WTXW09Nay/nCxo6xFCAhu2cdVgg9WqVJS3uhQ6SzVHd7uWHQZEg2ckeec5K9iEQoxSrodRHQSjODytH79yyhbhgzaQn7F6fZIUPTlrmYblEWB/PKFRw/11kY2qmIokvDVldVGjl5nZfFzX0sRg1f9QjXD+vypleVdafUcNB5jX+4tz3zbH3Z3GpAeAbc3M30tq1NDsKsSWz4GefeFh0fmlw7karg9hp4jm3QS+xnPGGfYCUxTWaxlCfWzuMbqTjE0QnUkCrAxXty5pdUDnPQFWjFABkLx+eanlBdyDcvGMOXQtuQtVVe8TPwFpOnhAj3IsDYqcpRHSRhoUgwqe8qxKB7m7Wu3jlzySAKwIvZsFK5wcnm9LjygtEXHrJ8tH15GVypzog7YvOAZeA/48otXLHtz2RROWk9Nm2KbhKtjwVIGHBnh4eiGOh5htmkhXISJRRN3Wfy825zX0sPnAfllPZFwSQFIa7aHFpAbKmuvcZP8+VQWQIg5akiHH+mfmNWHnD4xsFZr5UVWFU7i55fG0aDoTA2V++rFbhSetadnGK0tik7hsOSoUyZy0cJDKjJF6DpwnTfY3ruZ4MOq3r5LkscjBy4+QuvXSmJBQXuBP5C6+zankSvp3s7hGCXTHfPJ1DuL1iXfRE0kGLSdySAabotb8oJiGUx5mE2NhU3LlCJUNp8LATQSyDhTtx0Dlm9vqPIZirrNllH74bJyqukXh21ey++/7n6fLbB1PDzjtiQKjR2eXSGfFS1jGa6OrZS3dYUuA9jliYZk8W2GkT9H2de6VdZDNiwx2t5SHyTpfXjq9F8dbfp40jaPoo+XHIDQieCaBRw7eHTufHdIzjcE4582cf+vNIq0Q2WifHBuULHH8LP7abuqhLp+0/NbXoFRheRzydrSqgiv1DPC636dm+aAsuWKMmfM4x/PuWlf2Jpy1PTUUp/8CPoIduv475RLtLMWd2qqo+mpPp9xoTC76/yBUbnt3kHZAtXAMiJLlA+MiSAipqW92txK9nMpPbHbwK+rHUG6pjUIKPPKM7ZnVILMI6o6oT1/bmxTyycW+ITyWILtoReJjsSh37qhRBTcegoiZQBlAGEANAAwAGEAYwBmADIAOABlADMAOQAxAGIAMwAAABCAYBoYZQBxAHUAaQBwAG8AIABjAGEAcwBhAAAAIhxFAFEAVQBJAFAATwBDAEEAUwBBAC0AUABDAAAAKgxuAG8AbgBlAHwAAAAyJlcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlAAAAQuABfABDAF8ARgBfADMANQA3ADUAMAA5AC8ANAA3ADYAOQAzADcAfABEAF8AVQBfADAALwAzADkAMAAyAHwARQBfAEYAXwA4ADYALwA5ADkAfABGAF8ARgBfADgANAA5ADIAMgA5AC8AMQA5ADAANwA3ADIANgB8AEcAXwBGAF8AOQA1ADMANgA0ADgALwA5ADUAMwA3ADYANgB8AEgAXwBGAF8AOAA5ADUANQA5AC8AOQA5ADIAMgA0AHwASQBfAEYAXwAyADYANwA0ADAAMwAvADUAMQAwADMANQAyAHwAAABIAFBAWIpoYIoYaIpocNqGIHgDgAECigEDMi4w
    —END MAZE KEY—

    Reply
    1. AvatarMilena Dimitrova

      Hi there,

      It seems you have been infected by the so-called Maze ransomware: https://sensorstechforum.com/maze-ransomware-2019-virus-remove/

      Reply
  193. AvatarNouman

    Hello
    My files are encrypted with .derp ransomware.
    Is there any solution to decrypted my files.

    Reply
  194. Avatardilo

    Hello
    My files are encrypted with .nakw ransomware.
    Is there any solution to decrypted my files.

    Reply
  195. AvatarGeorge

    Mine too. Please help!

    Reply
  196. AvatarOscarX

    Hello, please help!
    My files are encrypted with .nakw

    Reply
  197. AvatarDIPESH

    Hai,

    My laptop was affected with LETO Ransomware and all my drives encrypted.Kindly assist me to decrypt my file is its possible.
    Thank you

    Reply
  198. AvatarDivyanshu

    is there any decryption tool for .meka ransomware? please help ASAP my 4tb data is encrypted.

    Reply
  199. AvatarAngel

    Bien dia.. Ayúdenme por favor.. Mi computadora ha sido infectada con un virus que pone como extensión .MEKA
    ¿Como puedo hacer para recuperarlos?

    Reply
  200. AvatarMiguel

    buenos dias mi computador esta encriptado con .toec alguna solucion?
    esta es la nota de rescate
    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:
    https://we.tl/t-h159DSA7cz
    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    salesrestoresoftware@firemail.cc

    Reserve e-mail address to contact us:
    salesrestoresoftware@gmail.com

    Reply
  201. AvatarBILAL AHMED

    .BOT extension files.. Ransomware affected me. Any solution of that extension??

    Reply
  202. Avatarantonio

    ayuda no puedo abrir mis archivos con extenxion .meka

    Reply
  203. AvatarAdam

    my file encrypt by .coot, and I use emsisoft, it still wont open..

    Reply
    1. AvatarMilena Dimitrova

      Hi Adam,

      The reason may be that this variant has online keys, that are significantly harder to decrypt, due to the fact that they cannot be detected and factorized as easy. More information here: https://sensorstechforum.com/coot-virus-file/

      Reply
  204. AvatarERNESTO

    Hola , se infectaron todos mis archivos con la extensión .meka .Alguna solución? perdí todo ya que mi disco externon de backup estaba conectado y también se encriptó.

    Reply
  205. AvatarCecelio

    my file got encrypt by .lokf , hope I can retrieve it.

    Reply
    1. AvatarMilena Dimitrova

      Hi cecelio,
      Unfortunately, there is still no decrypter for this .lokf version of STOP ransomware. We will update our article if a decrypter is released – https://sensorstechforum.com/lokf-virus-file/

      Reply
  206. AvatarAntonio

    El 9 de septiembre del 2015 fui infectado por el ransomware help2015@scryptmail.com, me encripto la mayoria de archivos personales, fotos y videos de hace mas de 10 años, con la herramienta kasperky en la version 1.14.0.0 se podia descifrarlos todos con exito, pero algunos casos no se puede, no siempre funciona, en mi caso Kasperky no logro recuperar ninguna contraseña. guarde los archivos cifrados y un los tengo despues que yo formateara mi disco duro.

    Reply

Leave a Reply to Lock Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.