All Activity
  1. Today
  2. Has anyone seen ransomware that uses the .bajonx file extension? When I uploaded the ransom note and the two encrypted files, the ID said it was GlobeImposter 2.0. But I haven't read anything from anyone mentioning the file extension that I've been infected with. Any help, suggestions, anything, would be greatly appreciated.
  3. Yesterday
  4. Hey guys, good night. I have noticed high CPU usage on my notebook during some tasks; for example, when I turn on my notebook, until it loads everything, the CPU usage is around 100%. When I open some software, like Rambox, it is also at 100% CPU usage. The notebook is an Acer A515-52G-58LZ, with an i5 8265U CPU, 16GB RAM; the system drive is a Corsair MP510 480GB and I also have a 1TB HDD drive for data and backup. I know you will probably need logs, or something like that, so please tell me where I can find them and I will gladly post them here. Thanks in advance.
  5. Hello @E.H, Welcome to the Emsisoft Support Forums. The ID you supplied is an online ID, meaning that the files cannot be decrypted. An online ID means that your encryption key was generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. There is more information available at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. I couldn't find a decryptor for the files infected by .kodg. The text file from the virus shows the following key: Your personal ID: 0185Asd374y5qZpP5BXsRMENhKHwdYJLDHeSIrmHia52jEOBSAaG Does anybody have a solution? _readme.txt
  7. Ty, I'll keep the files for a while. It is only some movies, pictures and MP3 songs, nothing critical. This information could be useful someday. The infection happened two days ago, when I tried to install software from a torrent. I've two partitions on my computer, c:/ and d:/; the software was downloaded on D:, but installed on c:/. Only the partition d:/ was affected by this.
  8. @Vezor @NKK If the extortionists did not change the details (most likely no, they did not change them), then the new samples with an offline ID, like last year's, should end with t1. You have suffered from an international ransomware called "STOP Ransomware". Previously, files could be decrypted using the "STOP-Djvu Decrypter". Then it was redesigned and a new "Emsisoft STOP Decryptor" was created on its basis. This link contains detailed instructions and a link to download the Emsisoft STOP Decryptor. But it is not yet configured to decrypt files after the attack of the new variants with .kodc and .nosu extensions.
  9. Yes. Read this guide and look at your "ID" in a ransom note.
  10. @Angel_Granado @NKK @Mavincenzi @Pree If the extortionists did not change the details (most likely no, they did not change them), then the new samples with an offline ID, like last year's, should end with t1. You have suffered from an international ransomware called "STOP Ransomware". Previously, files could be decrypted using the "STOP-Djvu Decrypter". Then it was redesigned and a new "Emsisoft STOP Decryptor" was created on its basis. This link contains detailed instructions and a link to download the Emsisoft STOP Decryptor. But it is not yet configured to decrypt files after the attack of the new variants with .kodc and .nosu extensions.
  11. Hi, all my important files have suddenly changed extension to *.redl. All the support forums lead me here; however, the free decryption application does not work on my files. Is there a way I can get assistance?
  12. No, it is not feasible to reverse engineer the encryption key. Even if we had the world's most powerful supercomputer at our disposal, it would not be able to crack the encryption algorithm anytime in the next couple hundred thousand years.
  13. Is it possible to do something with the encrypted file and its original file to help? Like a reverse engineering?
  14. Hello, thank you for contacting Emsisoft Support. The ID you supplied is an online ID, meaning that the files cannot be decrypted. An online ID means that your encryption key was generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. There is more information available at the following link:
  15. Hi guys, I was a victim of this threat yesterday. It looks like I've an offline ID, since all my files (.nosu) got a copy of a _readme text file with the default threat text. My Personal ID is: 0197nTsddtILma34zZGXbDA6Ml7mOe2NwGX3EIFGZmWHWSiyI What should I do? Can you guys help me? _readme.txt
  16. Thanks for the reply. This is my ID: 0197nTsddDIwEtpIK6kgFIcX2WF5PL9Sluk6KBxQRzL7PUDOm Please tell me, is it offline or online!!!
  17. I believe I got infected by a sketchy website I'm visiting. I used to enable adblock all the time, but nowadays I kind of turn it on and off; I'm going to start using it again. I'll check out the antivirus, thanks for the advice.
  18. How can one be so wrong? In the next topic, you attached files with the .nosu extension.
  19. @NKK @Pree @Angel_Granado We need the full ID from your ransom note. We won't be able to tell you anything without it.
  20. Offline public keys are embedded into the ransomware itself for use in encryption. Offline private keys can be found in decrypters sent by the criminals to those with offline IDs who have paid the ransom. The decrypters are only available to us when the victims with offline IDs who have paid the ransom send them to us. Once we have an offline private key, we add it to our database so that our decrypter can use it.
  21. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. First and foremost, always make sure you have the latest security updates for everything (especially Windows and your web browsers). Also, if you have plugins/extensions installed for your web browsers that you don't use or don't really need, then uninstall them. Especially Adobe Flash, Java, and Adobe Acrobat Reader, as those are probably the three most exploited plugins in existence. Note that if you need to keep Java, but don't need the plugin for your web browser, you can configure Java settings to disable Java in your web browsers. Use a paid Anti-Virus software. Most of them have free trials, so feel free to find one you like. We offer a 30-day free trial of Emsisoft Anti-Malware if you'd like to try it. Don't download anything from sources you don't know you can trust. STOP/Djvu usually comes from pirated software and fake movie and music downloads; however, there are other threats that come from many different sources (fake/malicious e-mails, ads on websites, shady download sites, compromised websites, etc). Always use an ad blocker in your web browser. We usually recommend uBlock Origin since it tends to be more efficient. Note that it only officially supports Firefox, Google Chrome, and Opera (although there is a third-party port for Microsoft Edge and the Google Chrome version works in Vivaldi). Make regular backups of all files; however, keep in mind that if the computer has access to the backups then so does the ransomware. For that reason, I always recommend saving backups on some sort of removable media (USB flash drives, USB hard drives, tape drives, etc) so that you can leave the backups disconnected when not in use. Note that most companies that have a backup policy that involves using removable media also use multiple drives, that way they can use a different drive for their backups every day (at least for a few days until they start over again with the first drive). Also note that many consider cloud storage to be a good alternative as well; however, there have been cases where criminals have compromised systems to manually infect them with ransomware, and have logged in to the cloud backup system and manually deleted all backups, so this method isn't necessarily the safest either. You can find more security tips at the following links: 7 steps you can take this weekend to protect your data and boost your privacy; How to protect your company's backups from ransomware; Protection Guides
  23. That's a newer variant, so unfortunately we'd need to know your private key to be able to decrypt your files, and the criminals keep the private keys in a database that no one else has access to (so there's no way we could get it).
  24. That's a driver, so the most likely culprits would either be an infection or your Anti-Virus software. If you download the following ZIP archive, are you able to extract it? It's the exact same thing, just in a ZIP archive instead of a self-extracting RAR archive. https://dl.emsisoft.com/EmsisoftEmergencyKit.zip
  25. It's possible that the Windows Security Center doesn't delete those registry entries. I know there are some entries created by Windows that don't get deleted when you uninstall software, however I don't have a list of all of them, so someone from Microsoft might have to explain the functionality there.