Kaspersky
Solved

a ransomware named .CEZOR [MOVED]

  • 11 July 2019
  • 22 replies
  • 10961 views

Userlevel 1
this message shown in every folder
and every file extension changed into .CEZOR
help me out to decrypt my files
please any one help..........
ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
varasto@firemail.cc

Our Telegram account:
@datarestore
Mark Data Restore

Your personal ID:
111Asd3i74yih3gkdMRrOmiaGsrOBV5WeKx9PFMAoug3J1vvarRjmmut1

Moderator: Moved to the correct forum.
icon

Best answer by Caos 11 July 2019, 13:01

Hi,

In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware. But in the vast majority it is not possible, at least at the moment.

You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en

You can find information that can help you here: https://www.nomoreransom.org/en/index.html

Also try the utilities offered by Kaspersky: http://support.kaspersky.com/viruses/utility

If you are a Kaspersky user with a valid license, open a support ticket in my Kaspersky account, send them a sample of an encrypted file, and if you have the same file unencrypted.

Try with STOPDecrypter v2.1.0.15

Regards
View original

22 replies

Userlevel 7
Badge +8
Hi,

In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware. But in the vast majority it is not possible, at least at the moment.

You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en

You can find information that can help you here: https://www.nomoreransom.org/en/index.html

Also try the utilities offered by Kaspersky: http://support.kaspersky.com/viruses/utility

If you are a Kaspersky user with a valid license, open a support ticket in my Kaspersky account, send them a sample of an encrypted file, and if you have the same file unencrypted.

Try with STOPDecrypter v2.1.0.15

Regards
Userlevel 1
buddy i have tried my best but nothing is happening
some other way to decrypt it
than please tell me
🤕
Userlevel 7
Badge +8
Hi,

In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware. But in the vast majority it is not possible, at least at the moment.

You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en
Userlevel 1
I have been caught by a ransomware named .cezor and that's the overall situation
Need help....
Userlevel 7
Badge +6
Hello Prashant sharma,
Do you have a valid Kaspersky license?
If "yes", open a support ticket via your MyKaspersky account, https://my.kaspersky.com/
If "no", did you follow all the information advised by Caos?
Please let us know and please include:
Operating system, version, build?
Kaspersky software name? version? patch(x)? x = letter
Actions/steps taken to recover?
Thanks.
Userlevel 1
Yes I have followed caos but nothing happens
I'm using win 7 x64 and yet not installed kaspersky
Userlevel 7
Badge +6
Yes I have followed caos but nothing happens. I'm using win 7 x64 and yet not installed kaspersky

Did you submit to:
  • https://www.nomoreransom.org/crypto-sheriff.php?lang=en ?
&
  • https://id-ransomware.malwarehunterteam.com/index.php?lang=en ?
----------
Please read & follow every step very carefully:
https://www.pcrisk.com/removal-guides/15383-cezor-ransomware

Thanks.
Userlevel 1
Thank You very very much brother.......My all files got decrypted...thanku Man salute you......
😙😙😄😄
Userlevel 7
Badge +6
That is wonderful news Prashant Sharma👏, thank you so much for telling us☺.

  1. Please (for your own safety) install and activate security software!
  2. Make regular backups.
  3. And a regular restore point.
  4. And a regular system image.
  5. And please mark your post "answered".
Many thanks!
Userlevel 1
https://www.pcrisk.com/removal-guides/15383-cezor-ransomware
2 days back I have visited this link but
The decryptor named STOPDecryptor was of old version and when today I visited this link I found a new one
Its been great I have recovered 1tb of my data....
I'm speach less bro...
Hello dear FLOOD,
My laptop infected with a ransomware virus named .nesa
this message shown in every folder
and every file extension changed into .nesa
help me out to decrypt my files
please any one help..........

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-UV4s8jgncB
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gerentoshelp@firemail.cc

Your personal ID:
0166hTlGeRsMTHVpwDk4Ylm4RWx1yyNzcacA5hSp3l60BnYwdny
Userlevel 1
just check out this....
and download stop decryption tool
https://www.bugsfighter.com/remove-stop-ransomware-and-decrypt-nesa-domn-or-karl-files/#download-decryption-tool
just check out this....
and download stop decryption toolhttps://www.bugsfighter.com/remove-stop-ransomware-and-decrypt-nesa-domn-or-karl-files/#download-decryption-tool

Thank you for response ,
I really I followed most of these steps but to no avail, I did scan with avast antivirus and I did reset to my PC but nothing happened
Userlevel 7
Badge +6
I really I followed most of these steps but to no avail, I did scan with avast antivirus and I did reset to my PC but nothing happened
Hello @Abdulla Algibaly,
Welcome!
  • When the infection happened was Kaspersky software installed and active?
  • Do you have a valid Kaspersky license?
  • If "yes", open a support ticket via your MyKaspersky account, https://my.kaspersky.com/
  • If "no", did you follow all the information advised by @Caos ?
Thank you.

I really I followed most of these steps but to no avail, I did scan with avast antivirus and I did reset to my PC but nothing happenedHello @Abdulla Algibaly,
Welcome!
  • When the infection happened was Kaspersky software installed and active?
  • Do you have a valid Kaspersky license?
  • If "yes", open a support ticket via your MyKaspersky account, https://my.kaspersky.com/
  • If "no", did you follow all the information advised by @Caos ?
Thank you.


Yes I have followed caos but nothing happens
I'm using win 10 x64 and yet not installed kaspersky

I did a scan with Avast antivirus but it didn't find anything
And I did check on this site: https://id-ransomware.malwarehunterteam.com/index.php?lang=en
to determine the type of virus and I found that my caught by a ransomware named .nesa and the name of virus is STOP (Djvu) according to that site
Userlevel 7
Badge +6
Yes I have followed caos but nothing happens
I'm using win 10 x64 and yet not installed kaspersky
I did a scan with Avast antivirus but it didn't find anything
And I did check on this site: https://id-ransomware.malwarehunterteam.com/index.php?lang=ento determine the type of virus and I found that my caught by a ransomware named .nesa and the name of virus is STOP (Djvu) according to that site

Hello @Abdulla Algibaly,
Thank you for posting back.
Ok, so ID Ransomware, confirmed .nesa from STOP/DJVU family
  1. What happened when you used CRYPTO SHERIFF?
  2. Do you have backups?
  3. In another post @Caos advises, "if decryption is not possible at this present time, save the files (which you deem convenient) in case they can be decrypted later."
  • If you follow this advice. make sure to save the files to a drive that is used exclusively for the contaminated files, make sure the drive can be locked and labelled so no further disaster can occur.
Best regards
1- this message is shown to me :

BAD NEWS

Sorry! We don’t yet have a solution to help you but we are actively looking for it.
Please make sure you are uploading a ransom note and encrypted sample file from the same infection.
It is recommended to back-up your encrypted files, and hope for a solution in the future.

2- I don't have any backups at this moment

3- I will

But really I need a solution for this, how long time should it takes to fix it

Thanks
Userlevel 7
Badge +6
1- this message is shown to me :
BAD NEWS
Sorry! We don’t yet have a solution to help you but we are actively looking for it.
Please make sure you are uploading a ransom note and encrypted sample file from the same infection.
It is recommended to back-up your encrypted files, and hope for a solution in the future.
2- I don't have any backups at this moment
3- I will
But really I need a solution for this, how long time should it takes to fix it
Thanks

Hello @Abdulla Algibaly,
There is no time frame. However, the sites we've provided advise: "At the moment, not every type of ransomware has a solution. Keep checking the website as new keys and applications are added when available".
If you see @prashant sharma's post, originally he tried the solutions, with no success, however, after trying again, eventually success came.
The Experts advise "never pay the criminals, there is no guarantee a solution will be provided".
Thank you and best wishes.

SAFETY 101 Tips and tools to fight viruses and vulnerabilities
You said : Keep checking the website as new keys and applications are added when available".

What page or website exactly should I keep checking?

Do you have any account that I can send you a shots screen for some of the procedures

Thanks
Userlevel 7
Badge +6
You said : Keep checking the website as new keys and applications are added when available".What page or website exactly should I keep checking? Do you have any account that I can send you a shots screen for some of the procedures
Thanks

Hello @Abdulla Algibaly,
What I actually said was/is "However, the sites we've provided advise: "At the moment, not every type of ransomware has a solution. Keep checking the website as new keys and applications are added when available". ID Ransomware and Crypto Sheriff are the sites from above.
Regarding screenshots, If you wish to share them (via pm) that's fine, but, I cannot do anything with them.
We understand your predicament, if there was a solution we would share it with you.
Thank you.

You said : Keep checking the website as new keys and applications are added when available".What page or website exactly should I keep checking? Do you have any account that I can send you a shots screen for some of the procedures
Thanks
Hello @Abdulla Algibaly,
What I actually said was/is "However, the sites we've provided advise: "At the moment, not every type of ransomware has a solution. Keep checking the website as new keys and applications are added when available". ID Ransomware and Crypto Sheriff are the sites from above.
Regarding screenshots, If you wish to share them (via pm) that's fine, but, I cannot do anything with them.
We understand your predicament, if there was a solution we would share it with you.
Thank you.


Thank you so much
I need immediate help. My system has been infected with the .cezor virus. I changed windows once. I did not work with any of these solutions. Please guide me if you know a way. I'm a student and I need my information.😫

Reply / Ответить