CryptoSearch - Find Files Encrypted by Ransomware


67 replies to this topic

#61 quietman7


Posted 20 December 2019 - 06:43 PM

_readme.txt

 

ATTENTION!
 
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
 
 
To get this software you need write on our e-mail:
helprestore@firemail.cc
 
Reserve e-mail address to contact us:
datarestore@iran.ir
 
Your personal ID:
0194Asd374y5iuhldmjQby8HJfDgVqVAfkURTeXwrzQ5ym9SJknsR5n6p

 

You are infected with STOP (DJVU) Ransomware. This is a support topic specifically for CryptoSearch...it is not intended for questions or assistance about ransomware which has already been identified and for which there is an existing support topic where you can post for help.
 
Please read the first page of the STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Support Topic for a summary of this infection, its variants and possible decryption solutions with instructions (including what to do if the decrypter does not work). You need to post any questions or the required information (i.e. Personal ID, Extension of files & MAC (physical) Address of the infected computer) in the above support topic if STOPDecrypter is unable to decrypt your files.

 

Do not keep posting the same thing in topics not related to STOP Ransomware.

 


Microsoft MVP Alumni 2023
Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


 


#62 SandroLino


Posted 11 April 2020 - 12:46 AM

CryptoSearch


CryptoSearch (beta) is a program I have created to help find what files were encrypted by a particular ransomware, and allow the user to copy/move the files to another location for archiving (for hopes of future decryption).

 


 

This program is powered by my service ID Ransomware, and thus is always updated with definitions on the latest known ransomwares and their signatures. This also allows it to be flexible in detecting the encrypted files, as it uses the exact same data ID Ransomware uses for identifying variants. It will identify files by known filename pattern or extension, or for some variants, the hex pattern in the encrypted file.

 

When CryptoSearch is first launched, it will contact the website, and pull down the latest information on known extensions and byte patterns; this is the only network activity done with the program, and no information about your system is uploaded or stored at all. If you have a network issue with reaching the website, the "Refresh Network" button is available to try again.

 

As of v0.9.2.0, CryptoSearch will save the definitions it uses to a local file in the same directory as the program. The next time you run the program, it will load this file for offline use if it cannot reach ID Ransomware. This will allow you to use it on a computer that has been quarantined and is offline.

 

You may also use the tool to manually search for a particular extension or byte pattern by use of the Search Options.

 


 

The following options are also available via the checkboxes on the right, and the radio buttons next to Search:

  • List Files - lists the encrypted files, uncheck to only list folders that include encrypted files
  • List Clean folders - will also list folders that are clean and do not have encrypted files
  • Search Directory - search a specified directory
  • Search Computer - search the whole computer (all drive letters found, including mapped drives)


 

Once the scan has completed, the File menu will allow the following options:

  • Export List - saves a list of the encrypted files to a text file
  • Archive Files - allows you to copy or move the encrypted files to another location for archiving


 

The archived files retain the full folder structure, including the drive letter. For example, these files were moved to "C:\Backup\C\Test".

 

 

Please note that this program does not decrypt data. It is simply a tool for users to find exactly what files were encrypted, and optionally move them to another location before cleaning or formatting a system.

 

You may download CryptoSearch here: https://download.bleepingcomputer.com/demonslay335/CryptoSearch.zip

 

Please note, the password for the zip file is "false-positive". This is a temporary response to false positives being triggered by Google SafeBrowsing and antivirus.

 

Please let me know if you run into any issues, or any recommendations for the program. I hope it is of some use to helping victims clean up their systems, and for sysadmins to determine the extent of damages on servers (my original inspiration for this project). :)

 

 

Any news regarding .mado?
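
Added example, not part of the post above and not CryptoSearch's own code: a minimal Python sketch of the matching the quoted description outlines (known extension, ransom note filename, or a byte pattern in the file) and of the archive layout that keeps the drive letter. The definition entries, the `ExampleMarker` byte pattern and the function names are constructed for illustration, and the byte pattern is assumed to sit at the start of the file.

```python
import os
from pathlib import Path, PureWindowsPath

# Constructed definitions; the real ID Ransomware data format is not shown in this thread.
DEFINITIONS = [
    {"name": "STOP (Djvu)", "extensions": {".mado", ".rooe"}, "magic": None},
    {"name": "ExampleMarker", "extensions": set(), "magic": bytes.fromhex("4558414d504c45")},
]
NOTE_NAMES = {"_readme.txt"}  # ransom note filename quoted in this thread

def classify(path, definitions=DEFINITIONS):
    """Return the matching definition name, 'ransom note', or None."""
    path = Path(path)
    if path.name.lower() in NOTE_NAMES:
        return "ransom note"
    for d in definitions:
        if path.suffix.lower() in d["extensions"]:
            return d["name"]
    # Assumption: byte patterns are file headers, so read only the longest marker length.
    longest = max((len(d["magic"]) for d in definitions if d["magic"]), default=0)
    try:
        with open(path, "rb") as fh:
            head = fh.read(longest)
    except OSError:
        return None  # unreadable or locked file: skip it rather than abort the scan
    for d in definitions:
        if d["magic"] and head.startswith(d["magic"]):
            return d["name"]
    return None

def scan(root, definitions=DEFINITIONS):
    """Walk root and return sorted (path, label) pairs for every hit."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            label = classify(full, definitions)
            if label:
                hits.append((full, label))
    return sorted(hits)

def archive_destination(source, archive_root):
    """Map C:\\Test\\a.doc to <archive_root>\\C\\Test\\a.doc, keeping the drive letter."""
    src = PureWindowsPath(source)
    drive = src.drive.rstrip(":").strip("\\").replace("\\", "_")  # UNC shares become srv_share
    rest = src.parts[1:] if src.anchor else src.parts
    return PureWindowsPath(archive_root, drive, *rest)
```

The list returned by `scan` corresponds to what the post calls Export List; copying or moving each hit to `archive_destination(hit, root)` reproduces the "C:\Backup\C\Test" layout from the post's example.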



#63 SandroLino


Posted 11 April 2020 - 12:52 AM

Does anyone have any new facts about the decryption of the extension ".mado and .rooe"?
any program that can really recover the files?


#64 quietman7


Posted 11 April 2020 - 07:14 AM

 

Does anyone have any new facts about the decryption of the extension ".mado and .rooe"?
any program that can really recover the files?

 

 

You are dealing with STOP (DJVU) Ransomware.

 

If you need to discuss anything related to this ransomware, please post your comments in the STOP Ransomware (.STOP, .Puma, .Djvu, .Promo,....not here or read the first page (Post #1) of that topic AND these FAQs for a summary of this infection, its variants, any updates and possible decryption solutions using the Emsisoft Decryptor.




#65 andeus


Posted 23 February 2022 - 04:15 PM

Hey there,

Just made an account here, after our firm got hit by the Asustor DEADBOLT attack.

We're trying to get a list of affected files to determine whether or not to pay ransom, restore said files from a backup, or abandon them.

DemonSlay's tool seemed perfect for the job.

However, after downloading the zip from different browsers on different PCs, we are only given two files

  • changelog.txt
  • CryptoSearch.exe

and there is no definition file.
Naturally, we assumed that perhaps the definition file is built after connecting to the ID Ransomware site.

Unfortunately, the program is unable to connect to the server:


Again, this issue persists no matter the download method or location downloaded.

Viewing the thread and the Twitter feed, it appears there have not been any updates in a long time.
Is this program outdated or discontinued?
Or is there something we are missing here?

 

Thanks in advance.



#66 b4bahrain


Posted 03 March 2022 - 02:37 AM

I got infected by sojusz encryption

Can your software detect that?

#67 ChrisYang


Posted 18 July 2022 - 02:37 AM

The definition file looks like it is missing.



#68 Jelle458


Posted 17 October 2022 - 06:35 AM

It seems like this software is abandoned. I would have liked to clean all encrypted files and ransom notes left behind. I was able to restore almost all of my important data after an attack, but the clean up is MASSIVE with a billion folders with billions of files that aren't very big.

 

I found a software called "Folder Cleaner". Here you can scan for a specific file or extension of files in all sub folders, and after you get a list of all hits. Just searching for .7z extension and the ransom note file name gave me a quick and easy way to clean up the mess and I don't have to store these encrypted files anymore.

 

Just in case someone finds this, and wanted to use this program for that specific purpose.





