encrypted files(.slgh) how to decrypt it?


Any files that are encrypted with newer STOP (Djvu) Ransomware variants after August 2019 will have the .coharos, .shariz, .gero, .hese, .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec, .mosk, .lokf, .peet, .grod, .mbed, .kodg, .zobm, .rote, .msop, .hets, .righ, .gesd, .merl, .mkos, .nbes, .piny, .redl, .nosu, .kodc, .reha, .topi, .npsg, .btos, .repp, .alka, .bboo, .rooe, .mmnn, .ooss, .mool, .nppp, .rezm, .lokd, .foop, .remk, .npsk, .opqz, .mado, .jope, .mpaj, .lalo, .lezp, .qewe, .mpal, .sqpc, .mzlq, .koti, .covm, .pezi, .zipe, .nlah, .kkll, .zwer  .nypd, .usam, .tabe, .vawe, .moba, .pykw, .zida, .maas, .repl, .kuus, .erif, .kook, .nile, .oonn, .vari, .boop, .geno, .kasp, .ogdo, .npph, .kolz, .copa, .lyli, .moss, .foqe, .mmpa, .efji, .iiss, .jdyi, .vpsh, .agho, .vvoa, .epor or .sglh extension appended to the end of the encrypted data filename as explained here by Amigo-A (Andrew Ivanov). Since switching to the new STOP Djvu variants (and the release of .gero) the malware developers have been consistent on using 4-letter extensions.

STOP Ransomware will leave files (ransom notes) named !!!YourDataRestore!!!.txt, !!!RestoreProcess!!!.txt, !!!INFO_RESTORE!!!.txt, !!RESTORE!!!.txt, !!!!RESTORE_FILES!!!.txt, !!!DATA_RESTORE!!!.txt, !!!RESTORE_DATA!!!.txt, !!!KEYPASS_DECRYPTION_INFO!!!.txt, !!!WHY_MY_FILES_NOT_OPEN!!!.txt, !!!SAVE_FILES_INFO!!!.txt and !readme.txt. The .djvu* and newer variants will leave ransom notes named _openme.txt, _open_.txt or _readme.txt

Please read the first page (Post #1) of the STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Support Topic AND these FAQs for a summary of this infection, it’s variants, any updates and possible decryption solutions using the Emsisoft Decryptor.
 

In regards to new variants of STOP (Djvu) Ransomware…decryption of data requires an OFFLINE ID with corresponding private key. There no longer is an easy method to get OFFLINE KEYS for many of these newer variants and no way to decrypt files if infected with an ONLINE KEY without paying the ransom and obtaining the private keys from the criminals who created the…

Source…