![[FCO]FreeCoursesOnline](https://onehack.us/uploads/default/original/3X/b/4/b4d2fc8468becec1e9976784dba394e5a378ec81.jpg){kind=small}
my files were hacked by a ransomware REPP online, I trust this community and hope that you can help.
REPP is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things. First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup. Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple Ids, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.
Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the REPP variant of STOP/DJVU.
NOTE: We have added Offline IDs for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches the ones in our database, then our decryption tool will be able to decrypt those files.
To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu
Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
If the decryption tool is telling you that the files cannot be decrypted, then they cannot be decrypted.
STOP/DJVU NOTES:
- If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.
- If your file(s) have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys.
- If your files(s) have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.
- Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the keys in our database, then our decryption tool will be able to decrypt those files.
Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
5 Likes
i will try it, thank you
but it, unfortunately, an online id, so what to do now?