All Activity

This stream auto-updates     

  1. Today
  2. hartok
    No key for New Variant offline ID: kW6ZRM8gJwA3h909N2N00QXNoC7QxseKxujvpit1Notice: this ID appears be an offline ID, decryption MAY be possible in the future so is it an online or offline id?
  3. Amigo-A started following my file are encrypted by tycoon 2.0/3.0 eruption
  4. Amigo-A
    Attach several encrypted files and a ransom note to your message. Do not change or edit anything in these files.
  5. geo_luci08 geo_luci08 joined the community
  6. geo_luci08
    I try to install the softwere and is say "unable to start correctly (0x0000007b)" Why is not work?
  7. Muhammad Sajjad Khan Muhammad Sajjad Khan joined the community
  8. Muhammad Sajjad Khan
    My laptop was infected by topi ransomware in the m/o january 2020. I stopped using that laptop and isolate it for the last 6 months and use it only for treatment purpose if there is any update available. Today I found that it was infected with two different ID's 1. 0200a7d6a8sda7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1 2. 0200a7d6a8sdat4d27G3e8o6AJjVM0xn7p6oBK1FlbaQcz7ID3HCv Your decryptor got success to decrypt data with first ID but for second one shows error ID appears to be online, decryption is impossible. kindly help what should I do and how can I decrypt my data. Thanks
  9. Frank H
    and again cool improvements https://blog.emsisoft.com/en/36716/new-in-2020-8-custom-filtered-views-for-the-console-dashboard/
  10. Christian Mairoll
    We added a new feature to save the preferred view settings for quick access, as well as a new column filtering feature for workspaces and device lists. The post New in 2020.8: Custom filtered views for the console dashboard appeared first on Emsisoft | Security Blog. View the full article
  11. saerdib
    thanks for reply , that's kind of you Sir , if there is any update on my case , please notify me
  12. Anis Shah
    Any update sir?
  13. mnaeembaig mnaeembaig joined the community
  14. mnaeembaig
    Can any one help me out in decrypting files by ransomware. Tycoon 2.0 / 3.0 This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future. Identified by sample_extension: .[<hex>].eruption sample_bytes: [0x64 - 0x6C] 0xD160F3C5716D5AFF
  15. GT500
    Yes, this is an online ID, so we won't be able to decrypt your files.
  16. GT500
    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. GT500
    I haven't heard anything new yet, but will check with our malware analysts to be sure.
  18. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. GT500
    You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. GT500
    We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  21. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. GT500
    I'm not aware of a size limit, however I have asked the developer who made the decrypter about this to confirm.
  25. GT500
    Don't trust random videos or articles that you find online for help. They usually get things wrong, and often don't give good advise. For instance, there is no decrypter that can decrypt "any type of file". Stick to advise from experts, and when in doubt make sure your source of information is one of the partners of the NoMoreRansom project as they will be the most likely to have reliable information about ransomware and how to decrypt files. As for the ransomware that uses the .maas extension, it is more than likely the STOP/Djvu ransomware. It does use Salsa20 encryption, however newer variants (starting near the end of August 2019 and newer) use RSA keys which are impervious to most forms of attacks, and in order to decrypt files that have been encrypted by newer variants of STOP/Djvu (like .maas) we would need the private key for your ID. Unfortunately only the criminals who made/distributed the ransomware have access to the private keys, and we can only decrypt files in those cases if the ransomware was unable to connect to its command and control servers and used an offline ID and public key when encrypting files, and even then we can only decrypt such files after a victim who has an offline ID has paid the ransom and sends us the decrypter the criminals sent them so we can extract the private key. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  26. GT500
    It's not supposed to. Your files aren't decryptable. Please read my previous replies.
  27. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  28. GT500
    .vesad is an older variant (I'll ask the developer who made the decrypter why it said it's a new variant). You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  29. GT500
    It's an online ID. If you have any doubts, our decrypter will tell you what ID each encrypted file has, and whether the ID's are online or offline.
  30. GT500
    Logs received. I've forwarded them to QA.
  1. Load more activity

  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up