Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation since 05/18/21 in all areas

  1. No, he simply has "File name extensions" hidden in Explorer (it is highly recommended to change that...). You can see the "Type" shows as "DRUME File". As for the 404 error, it's an anomaly based on the files that were listed there. When the decryptor sees the STOP Djvu filemarker ("{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}") in a file, it takes the extension and asks the server "hey, is this Old or New Djvu?" (if it hasn't already asked for that extension). Apparently, those files had the filemarker, but no appended extension. There seems to be a security thing with the server engine that i
    1 point
  2. Usually, each new variant, which is distinguished only by a new extension, uses its own key, but sometimes several variants are united by a common key. I am not investigating these coincidences. Only the developer of the ransomware program can know this. Well, and accordingly, it can be detected by the one who adds the decryption key to the decryptor. That is, it's a decryptor developer.
    1 point
  3. Hi My PC is infected with .pcqq extenstion and has disable all the anti-virus running on my PC. All my files are encrypted. How can i decrypt it
    1 point
  4. Yesterday i have been infected with virus which believed to be Ransomware. It encrypted my whole files in my computer and they leave aa message that required me to pay them $980 to get decryption tool. My personal ID: 0300ewgfDdLQbDo3EfIVHxGuJOWRJdmxgY66rD6kiyqz4tzyt1
    1 point
  5. Hello @MONI The Emsisoft Decryptor has not been updated with new keys for a long time. This is no one's fault, it just does not depend on any of us. Adding new keys depends on the voluntary transfer of keys by those victims who paid the ransom and transferred the key to the decryption service.
    1 point
  6. Hello getachala, Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu)
    1 point
  7. If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed. There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp
    1 point
  8. The permissions issue has been fixed in todays 2021.5.1 hotfix release Thanks for your help on this @Raynor
    1 point
  9. Thank you very much for your great contribution to these unscrupulous people attack problems.
    1 point
  10. Hello @Elmer This is the result of an attack by the 'STOP Ransomware' program. The extortionists who distribute this malicious program have been operating with impunity for 3.5 years. Interpol and secret services are involved in dirty politics and do not want to direct their efforts against the extortionists. Emsisoft Decryptor can decrypt files, but only if there is a "t1" (offline ID) at the end of the ID. Your ID also has "t1". But this will become possible only after the decryption key of this variant is added to the Decryptor. When this will happen, it is impossible to predic
    1 point
  11. I got this malware last weekend. my files are very importance so I'm already paid for it. but I don't know this decryptor suitable for that attack on your computer .NUSM malware or not
    1 point
  12. I recommend backing up your currently encrypted files to an external drive before any experiment. Good luck!
    1 point
  13. This is the result of an attack by the 'STOP Ransomware' program. The extortionists who distribute this malicious program have been operating with impunity for 3.5 years. Interpol and secret services are involved in dirty politics and do not want to direct their efforts against the extortionists. Emsisoft Decryptor can decrypt files, but only if there is a "t1" (offline ID) at the end of the ID. But this will become possible only after the decryption key of this variant is added to the Decryptor. When this will happen, it is impossible to predict. Save the encrypted files in a safe pla
    1 point
  14. If you disable "Automatically quarantine programs with bad reputation" then the Behavior Blocker will display an alert for known bad programs rather than taking automatic action.
    1 point
  15. Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection. Do not delete the ransomware infection The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Fi
    1 point
  16. Hi, I have been attacked as well, all my files turned into NUSM on my SSD and i don’t have any recent backups. The Emisoft decryptor is not working since they encrypted through an online key. This ID is 0298SirjgeZwXy0mWQ7jHl2WCrKfFpRGVLV6DVeMtZw7bYSB 3 years of my work is gone and it feels like my life is basically over. Please help.
    0 points
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...