Decrypter for Ransomware "righ." ?

[s0mersbybg_]

Hello everyone! Before time ago I got infected with ransomware under the name "righ.". And since then, my files have been sitting in the clouds. My question is is there an option to fix it today? (Photos and videos only) 

You can join my PC with TeamViewer to drop an eye.

[Stormseeker9]

Have you tried running anti malware like malwarebytes or similar in safe mode without networking? 

[s0mersbybg_]

3 minutes ago, Stormseeker9 said:

Have you tried running anti malware like malwarebytes or similar in safe mode without networking? 

No i dont need that and didnt did that cuz i dont have any virus or malware on my PC right now. I just need to decrypt my files with an software or something.

 

[Cotech]

Ok? Did your other computers get infected

[s0mersbybg_]

1 minute ago, Cotech said:

Ok? Did your other computers get infected

No, no. I already format all my SSD+HDD drives and start absolutely fresh. But my files are still on CLOUDS with "righ." after name of file. + changed type (righ.)

[akio123008]

3 minutes ago, s0mersbybg_ said:

No, no. I already format all my SSD+HDD drives and start absolutely fresh. But my files are still on CLOUDS with "righ." after name of file. + changed type (righ.)

What do you mean? are they stored on some server?

[s0mersbybg_]

Just now, akio123008 said:

What do you mean? are they stored on some server?

Yes. Onedrive.

[akio123008]

Just now, s0mersbybg_ said:

Yes. Onedrive.

Did the malware move your files onto that or were these files already on onedrive?

[s0mersbybg_]

Just now, akio123008 said:

Did the malware move your files onto that or were these files already on onedrive?

Man. I moved them to cloud. Cuz i wanted to format my SSD and HDD.

They can be easily downloaded but with righ. format and righ. after the name of file.

[akio123008]

Are you sure the files are encrypted? You can try opening them with a text editor or something (don't know what kind of files they are though) and see if anything's recognisable.

[s0mersbybg_]

4 minutes ago, akio123008 said:

Are you sure the files are encrypted? You can try opening them with a text editor or something (don't know what kind of files they are though) and see if anything's recognisable.

Yes, i can open them with Notepad but strange symbols are...

[akio123008]

Just now, s0mersbybg_ said:

Yes, i can open them with Notepad but strange symbols are...

I'm really not an expert with this kind of stuff, I really don't have any other suggestion than to open some files in notepad and see if you recognise anything. If one of the files is a word/text document of some kind, and you're able to read the text in notepad then that means the file isn't encrypted.

 

If the files are encrypted, you'd need a decryption tool and presumably a key. I have never heard of this malware though, so I have no idea what software exactly you'd need.

[s0mersbybg_]

2 minutes ago, akio123008 said:

I'm really not an expert with this kind of stuff, I really don't have any other suggestion than to open some files in notepad and see if you recognise anything. If one of the files is a word/text document of some kind, and you're able to read the text in notepad then that means the file isn't encrypted.

 

If the files are encrypted, you'd need a decryption tool and presumably a key. I have never heard of this malware though, so I have no idea what software exactly you'd need.

They are encrypted 100%. Thanks. Good luck

[Korben]

You might find this interessting:  https://geeksadvice.com/decrypt-files-locked-by-stop-djvu-ransomware-virus/

(Google is your friend)

[s0mersbybg_]

1 minute ago, Korben said:

You might find this interessting:  https://geeksadvice.com/decrypt-files-locked-by-stop-djvu-ransomware-virus/

(Google is your friend)

Hello. I know these methods - doesnt work for me. Can u try please?

 

[HoLLy_]

If your files are encrypted by ransomware, the key has most likely left your computer and you cannot decrypt it. In some cases the malware author's server containing all the decryption keys has been seized by authorities so there are public tools to receive it, or there is a flaw in the crypto, or a static key was used. To know if you're one of the lucky few, you can do some google searches for the strain of malware that hit you, but your chances aren't very high.

[Nayr438]

31 minutes ago, s0mersbybg_ said:

Hello. I know these methods - doesnt work for me. Can u try please?

 

According to the link shared, its a 2019 offline ransomware encryption that hasn't been cracked yet or at least publicly. Your best bet would be to wait or just forget the files.

[Eigenvektor]

25 minutes ago, Nayr438 said:

According to the link shared, its a 2019 offline ransomware encryption that hasn't been cracked yet or at least publicly. Your best would be to wait or just forget the files.

https://www.pcrisk.com/removal-guides/16502-righ-ransomware

Just to clarify: The version before August 2019 used a hard coded key in case your PC was offline. That's the only reason these files can be decrypted: The key is known. If it's a newer version with a random key, you're not going to decrypt them, unless the key is found on a seized server.

 

Based on https://howtofix.guide/about-djvu-stop-ransomware/, it uses AES-256. So there's really no way to crack it (in a reasonable amount of time). Unless your files are encrypted with a known encryption key, there is no way to get them back in the foreseeable future.

[Alan G]

IMO, the best website for this type of information is Bleeping Computer and it's forums.  there is a thread right now on your issue HERE.  Read the first major post before taking a deeper dive as the thread is very long at 687 pages!

[s0mersbybg_]

Thanks all! GOOD LUCK! Sad story :D with sad end :D :D