All Activity

This stream auto-updates     

  1. Today
  2. Mobile phones ARE computers, computers one of whose programs pretends to be a (real) phone. Various companies (including Emsisoft) produce anti-malware/anti-virus programs for mobiles. You can read a summary of what these various programs can protect you from. Obviously iOS (Apple) and Android differ, and - as with PCs - there's several versions of each one's OS in use, and of course with Android some manufacturers supply variants on Android (ie not every Android phone is running the same OS). That means that odd combinations of phone model, version of Android etc may mean there's exploitable loopholes in subsets of phones, even if most are ok. In theory Apple's phones are more secure, partly because there's only their version of iOS in use, and partly because Apple try to make sure that only reputable apps are available. You might find it useful to read:
  3. Some files can only be partially encrypted. For example, files that are inside an archive can be extracted. In this case, only 1-2 files at the beginning of the alphabet list will be encrypted or damaged. There are reports from the victims that some music files and video files are being played, but I did not specify or remember what formats these are. This is a big burden for me, considering that I work with thousands of ransomware and very big quantity affected users around the world. See the 1st link in the signature.
  4. Under this condition, your ID looks like an "online ID". This is the newest variant 'STOP Ransomware' and decryption keys have not yet been found for it. But... Extortionists can change the conditions at any time. Now you need to save the encrypted files and ransomware notes. Collect them in a safe place without sorting. Let them be in their places. Sometimes different encryption keys can be used to encrypt files. You will need to be download and run the decoder after each new version of Emsisoft decryptor. Perhaps something will change for the better. There is no other way to return your files if you do not pay the ransom.
  5. Hello @Zoran Files that were encrypted by 'STOP Ransomware' can only be decrypted if they were encrypted without contact with the ransomware server (offline). One condition for decryption is the presence of a decryption key. If there is no such key, then decryption is not possible, even if an offline key was used. You can find out the details in a special topic.
  6. It is important to always use the latest version of anti-virus protection of Internet Security class or higher. Very often, users find somewhere re-patched version, where hackers made changes that would will critical at the time of the attack. Unfortunately, this is very common when users do not want or cannot buy an antivirus product on the official website.
  7. You need to try downloading the new version of the Emsisoft decryptor. But first, delete the previous one.
  8. The ID has a t1 so why won't the encryptor work? List of variants of STOP Ransomware, for which offline keys were received (to today) 0156: .gero 0157: .hese 0159: .seto 0160: .peta 0161: .moka 162: .meds 0163: .kvag 0164: .domn 0165: .karl 0166: .nesa 0168: .noos 0169: .kuub 0170: .reco 0171: .bora 0173: .nols 0174: .werd 0175: .coot 0176: .derp 0178: .meka 0179: .toec 0180: .mosk 0181: .lokf 0182: .peet 0183: .grod 0184: .mbed 0185: .kodg 0186: .zobm 0188: .msop 0189: .hets
  9. Hi there, Can mobile phones get viruses like computers? I had a text that said 'OMG cant believe you! Just seen the pic!' with a weblink in it, I thought it was from a friend but I clicked on it and my phone downloaded something then it disappeared and couldn't see any photo. Now I am worried it could be a virus! I have not got an antivirus on my phone, like my laptop. I searched the number on the internet and there was a comment on that said it was a scam phone number. Ive got private photos on my phone and I dont want them hacked or anything. Any advice would be greatly appreciated! Thank you!
  10. Of course I have made it on the first day of infection. I do not ever pay thieves my money. Thank You for suggestions. Every help is very valuable for me. Piotr
  11. hello somebody help me. my pc was attacked with .righ ransomware, which encrypt all of my files. i have tried to decrypit by stop/djvu but it now worked for me. there is a id shows ID : mrhfFb7gHV2Ef85vqPrwF8NyDuJpp7P2yHgXPKez
  13. One more question. Can I reinstall Windows to be sure there is no more threat without danger not to be able to decrypt files later. Is it helpfull to send you original file and encrypted file
  14. What is an online ID Is it code at the bottom of this file I have in folders Can you help me to decrypt my files ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0190Asd374y5iuhldApn3anQGQMVDxbtdEnREEg8Ql3VxP2W42K7hxGpX
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
  16. My recommendations right now are first to make a backup of your encrypted files, and also to file a report with your country's national law enforcement:
  17. None that I'm aware of. I recommend keeping an eye on BleepingComputer's news feed, as they will almost certainly report on a decryption tool for this ransomware if one happens to be released:
  18. To my knowledge, Hermes 2.1 is not decryptable.
  19. If shadow copies had not been entirely wiped out, then there's a slight possibility that file recovery software (Recuva from Piriform for instance) may be able to recover some files, however most ransomware either overwrites old files when encrypting the data or securely erases them to guarantee such recovery is impossible. In the vast majority of cases file recovery isn't possible without decryption. It really just depends on whether or not the criminals who made the ransomware considered data recovery methods and how to prevent them, and whether or not there were any bugs in the ransomware that caused it to fail to properly overwrite or erase files. STOP/Djvu has been around for roughly one year, and the criminals behind it have had enough time to work out issues that allow for easy recovery. They've even changed the type of encryption used to make it impossible to decrypt the files without the private key. If your files do have an offline ID, then that's the strongest possibility you have for decryption. My recommendation is to back up your encrypted files, and then try the decrypter once every week or two just to see if we've had a chance to add the offline key for this variant of STOP/Djvu.
  20. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
  21. There are companies other than Coveware that are also honest about the fact that they pay the ransom for you. Unfortunately I don't have a list of them.
  22. That's not a problem. We don't mind if it takes some time.
  23. Can anyone please help for ransomware with extension .righ
  24. I would consider it but I'll have to do it when I have more time. That's going to be more involved. Not sure when I can test that out. Sorry...
  25. Hello Thank You All for Your time and answers. I think I will wait and maybe in the future decoding will be possible, but I have no hope now . I am still trying find the way for my infected data recovery. Good news is, that I have a copy, but not all files. It is very strange for me, that NOD32 AV didn't recognize viruses before infection. After infection AV recognized problem and removed viruses, but how it is possible to agree with encoding files? So, thanks again for Your cooperation and have a nice day :)) If You will have some suggestions I will be very glad and happy, to hear something about it in the future. Greetings Piotr
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up