Popular Content

Showing content with the highest reputation since 04/22/19 in all areas

  1. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  2. 2 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user to begin with. Best example: snooping around in your encrypted connections, which literally every AV vendor has screwed up at least once in the past and which probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C, both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs, for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance, and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help, and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments, which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:
    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them, or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later
    What you end up with as a result is a product that is optimised really, really well for the exact scenario it is being tested under, using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernible impact on our revenue) and decided that they are simply not worth it, and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 1 point
    I don't know the source of the infection, MR. By the way, the quarantine contents have been deleted by the Avast boot scan. Here I'm attaching the log from EEK; I don't know whether this can help. Sorry for my bad English...
  4. 1 point
    As Amigo-A said, that is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomware will automatically delete itself after it finishes encrypting files, some are now leaving behind components on the computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  5. 1 point
    After checking the PC (or only the folders with encrypted files), you can use the free tool to decrypt files: STOPDecrypter (link). This process should be approached with caution. Read the attached text file. Due to the nature of the encryption, only files that are encrypted with offline keys can be decrypted. We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.
  6. 1 point
    Sophal, you correctly think this site with kmspico is the source of the infection! Due to the launch of a malicious file from there, STOP Ransomware encrypted your files. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases where those who suffered from previous versions of STOP Ransomware successfully decrypted files but were then attacked by the same encryptor, which encrypted files with a different extension and used an encryption key that cannot be calculated. As punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption this or another infection remains on the PC, which you could have got together with the encryptor. Malicious programs often work in groups: trojans of different types, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  7. 1 point
    "Opt in": 1 click, "Opt out": 1 click, so convenience is the same either way. For people who like not having to renew every year it's fine, but many people are unaware of this; you know how people are, they just click, click, click without reading a damn thing. Many people will be receiving invoices they are not expecting, and this is how the slimy companies get them. Not saying Emsisoft is one of these; on the contrary, Emsisoft is one of the best, if not the best, for integrity and customer service. I just don't like opt out. If you continue on this route then you need a page to pop up with 4 inch letters explaining what is happening so that there is no way anyone can miss it.
  8. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  9. 1 point
    First of all I'd like to thank Emsisoft for the fine decryptor offered; it was a good feeling to have the data restored. In this contribution I want to reflect on how (in my opinion) to avoid further attacks on the Synology NAS, as well as how to back up when not using 'cloud' options. As Amigo said: having done my homework now, I think those machines are not defenseless, but they are sold with all doors open; furthermore, it takes knowledge to find the doors, windows, escapes etc. Unfortunately the helpdesk, in my experience (in many ways), was not always helpful. Anyway, no (relevant) update has been provided since December 2018.

    Checking the system

    As a general remark, I have found no (new) traces of intrusion other than those I have reported before. So let's start with that. From Package Center you are able to install "Antivirus Essential", which allows you to do a system scan of the DSM software. As a nice-to-know: in case you want to uninstall any package/program, you will first have to select it (double-click on an installed package), which brings you to a separate menu where you can select delete from a dropdown. Please know that a complete antivirus scan that includes all data could take days or weeks, but that could also be done using a regular antivirus scanner. A system scan, however, can be scheduled on a daily basis. I am not sure/doubt whether the scanner will detect uninfected programs not installed by yourself and not published by Synology and its partners, but I assume it will detect infected files. Secondly, you would like to check the published cron jobs. Those will be found in the Control Panel as task manager. In that task scheduler you will find DSM auto-update and maybe some other tasks. Unfortunately you will not find all tasks; for instance, a scheduled antivirus scan will not appear. Also do check your access logs, as I wrote on April 26th in this blog. I'm afraid there are no other opportunities available to check the system.

    Prevention

    The most important thing is probably to block the guest account; check my message of April 18th. Moreover, one should avoid using regular user names such as 'guest', 'admin' or 'user'; those names are vulnerable in general, and I have noticed some hacking attempts using those names. Then open "Security Advisor" from the programs (check the top-left icon to find all your programs) and go directly to the advanced settings. Here you will probably find that the setting is set to 'home and personal use', which offers only restricted protection. I'd like to suggest changing that to custom and then selecting all items, to allow you to evaluate in a later phase which protections make sense for you. Now go back to the main screen (Overview) of the Security Advisor and press scan to see whether your protection is good. The Security Advisor will then make suggestions on what to change and where to find the relevant settings for your system. It will guide you to find out which port numbers to change, whether your passwords are good enough, and much more. I want to draw special attention to using the NAS on the internet. I would rather not do that, but if you do so, it is wise to have dedicated users for internet usage, which you should set to two-step verification when connecting, such as PIN code verification via SMS or email; further, it is wise to use encryption during data transfer, preferably by installing a valid certificate on your system. All those features are available on the NAS, but they have to be activated by yourself. The general settings of Synology will give you maximum access as easily as possible, but that will make it easy for others as well. For more info on this subject check the Synology website. You also want to check the firewall, which you can find in the configuration screen, item Security. I mention this point separately from the Security Advisor, because at this point the guidance is not as good.

    To use the firewall, you have to switch it on, and moreover you have to make your own firewall rules. Again, don't assume that the default rules are good enough. So select a custom profile as the firewall profile and press the button to change the rules. The relevant rules can be altered by selecting LAN in the top-right dropdown. Now, when you choose not to access your NAS via the internet, I would recommend closing the ports for the NTP service, Bonjour, FTP, ATP, CIFS, NFS, Telnet and SSL. Those ports should be closed for all IP addresses ranging from 1.0.0.0 to 223.255.255.255, but not for the IP addresses (range) specifically used in your own network. By the way: the NAS will not allow you to exclude yourself as long as you are logged in. Finally, you want to be informed in case anything unexpected has happened. You can do that by configuring your email account in the e-mail settings, which can be found from Control Panel, messages. Indeed, you can select which types of messages you want to receive and which not in the Advanced tab.

    Back-up

    When deciding not to use the internet for backup, one can use several external USB drives to have a program of backups in safe places with manual rotation. For this old-school solution I have used Hyper Backup, which can be installed from Package Center. Hyper Backup allows you to have time-machine-style file management, to compress data and avoid duplicated data, and it also allows you to encrypt the data. Encryption is a good idea, as you (should) carry the USB disks to different locations. You will then require a password which generates an RSA key; you need to store that password and/or key in a proper way to have orderly future access to your data. Hyper Backup has a good interface. To make a backup choose 'local folder & USB', and then select as shared folder the applicable USB drive and the name of the backup. For each backup drive you should choose a different task and a different name; you can then continue with the other backup settings and finally the initial backup. As a consequence of compression, encryption etc., that initial backup could take several days. Of course the succeeding incremental backups are much quicker. So for the next initial backup disk you want to increase the speed. This can be done by copying the data from one disk to another, where you only copy all data from the folder in the root which carries the name of the backup you placed on the drive. On the new drive you then change the name of that folder to the new backup name. When now making a new backup task, again choose 'local folder & USB', but then do not use the standard radio-button selection 'make backup task'; select 'link to an existing backup task' instead. From here you select the new USB drive and the newly made folder containing the initial or progressed backup data. You then have an initial backup right from the beginning.

    Summary

    The possibilities for checking the actual health of the system are available, but this could be insufficient. Nonetheless, good methods for protecting the system exist, where the Security Advisor is essential to find the right protection. However, it requires the user not to rely on any default settings of Synology, which in general can be described as weak. Many backup solutions are offered, including ones which are offline. Bottom line: there is still room to improve the product to make it more secure for a non-specialized public. To me it appears the message Synology sends to us is: "We don't care".
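    The firewall step in the post above (deny the listed service ports for 1.0.0.0 through 223.255.255.255, but not for your own LAN) turns into a short list of address ranges to type into the DSM rule editor. The block below is an added example, not the poster's work or a Synology tool: it computes those deny ranges with the standard `ipaddress` module so that your LAN is cut out of the span and nothing else is, and merges the remaining CIDR blocks into as few rules as possible. The service-to-port mapping in the demo is my assumption (standard IANA ports; the poster's "ATP" is taken to mean AFP); the ranges themselves depend only on the LAN networks you pass in.

```python
import ipaddress

# The span the poster blocks: 1.0.0.0 through 223.255.255.255 (all unicast IPv4).
DENY_FIRST = ipaddress.IPv4Address("1.0.0.0")
DENY_LAST = ipaddress.IPv4Address("223.255.255.255")


def deny_ranges(lan_cidrs):
    """Return (first, last) address strings covering DENY_FIRST..DENY_LAST with
    every network in lan_cidrs cut out. Each pair is one DSM firewall rule."""
    nets = list(ipaddress.summarize_address_range(DENY_FIRST, DENY_LAST))
    for cidr in lan_cidrs:
        lan = ipaddress.ip_network(cidr, strict=False)
        kept = []
        for net in nets:
            if net.subnet_of(lan):
                continue                               # whole block is LAN: drop it
            if lan.subnet_of(net):
                kept.extend(net.address_exclude(lan))  # punch the LAN hole out of the block
            else:
                kept.append(net)                       # disjoint: keep as is
        nets = kept
    # Merge adjacent CIDR blocks into contiguous ranges so the rule list stays short.
    ranges = []
    for net in sorted(nets):
        first, last = net[0], net[-1]
        if ranges and ranges[-1][1] + 1 == first:
            ranges[-1] = (ranges[-1][0], last)
        else:
            ranges.append((first, last))
    return [(str(a), str(b)) for a, b in ranges]


def rule_lines(ports, lan_cidrs):
    """Render one 'deny' line per source range for the given port list."""
    port_str = ",".join(str(p) for p in ports)
    return [f"deny ports {port_str} from {a} to {b}" for a, b in deny_ranges(lan_cidrs)]


if __name__ == "__main__":
    # Assumed port numbers for the services the poster names (standard IANA
    # assignments; the poster's "ATP" is read as AFP, port 548).
    SERVICE_PORTS = {"NTP": 123, "Bonjour": 5353, "FTP": 21, "AFP": 548,
                     "CIFS": 445, "NFS": 2049, "Telnet": 23}
    for line in rule_lines(sorted(SERVICE_PORTS.values()), ["192.168.1.0/24"]):
        print(line)
```

With a single /24 LAN this yields two rules (1.0.0.0 to 192.168.0.255 and 192.168.2.0 to 223.255.255.255); every extra LAN or VPN network you pass in splits the span once more, which is exactly the list the poster's "all addresses except my own network" instruction asks you to build by hand.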
  10. 1 point
    He said that while he did add detection to try to keep people from using keys that are not correct for their encrypted files, he also said that it is technically still possible to get the decrypter to allow you to enter an incorrect key and end up with corrupted files. Nothing is completely foolproof, after all.
  11. 1 point
    The criminal who made the ransomware threatened to increase the price of decryption if no one released a free decrypter by a certain date, and we didn't want him to know that a decrypter already existed, so no one met his deadline. It's possible that the prices in ransom notes will still vary slightly. I've asked the developer who made the decrypter for confirmation about why your files couldn't be decrypted.
  12. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  13. 1 point
    mario.rossi, today STOPDecrypter has been updated with support for the .dutan extension: https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Try decrypting some files first, making a copy of them for the test.
  14. 1 point
    This is going to be a difficult one, because I see multiple ID's in that screenshot, and none of them are the one from the ransom note you attached to your post. Would it be possible to attach a copy of STOPDecrypter-log to a reply so that we can see all of the ID's?
  15. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  16. 1 point
    Hello darktwilight, thank you for the feedback. You're welcome. All right, I'll get back to you shortly via private message as well.
  17. 1 point
    Hello darktwilight, thank you for contacting our support. I have gladly sent you a link via private message in the forum with which a licence for Emsisoft Mobile Security alone can be purchased. We are happy to keep doing this on request. If a Google comment was not responded to, that is because we do not answer there as quickly as in our support forum or when you contact us by e-mail. Thank you for pointing it out. I am happy to answer any further questions.
  18. 1 point
    I can only agree with the criticism. I also don't like the whole direction Emsisoft has taken in recent months.
  19. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  21. 1 point
    Independent certification body Virus Bulletin recently released the results of their latest rounds of VB100 tests. Once again, we're happy to announce that Emsisoft Anti-Malware aced the tests and walked away with a perfect score!

    What is the VB100?

    The VB100 is a certification test designed to evaluate the detection capabilities of antivirus software. To perform the tests, each antivirus product is installed on a physical computer or virtual machine with specifications you would expect to find on a business PC. The products are installed with default configurations on a clean, dedicated instance of Windows. Each test is performed on two different systems, one running Windows 7, the other running Windows 10. The security products are then exposed to a range of malicious samples taken from various malware sets, including:
    • The WildList set: A set of a few thousand samples curated by the WildList Organization.
    • The AMTSO RTTL: The Real-Time Threat List is a continuous feed of 1,200-3,000 new samples collected by malware experts around the world and managed by the Anti-Malware Testing Standards Organization.
    • The Diversity set: A set of 1,000-2,000 recent malware samples.
    The products also scanned a subset of 100,000 files taken from the clean sample set, which is a collection of 400,000 non-malicious files. To achieve VB100 certification, a security product had to meet the following criteria:
    • Identify at least 99.95 percent of malicious samples.
    • Generate no more than 0.01 percent false positives.

    How did we do?

    We're delighted to report that Emsisoft Anti-Malware achieved a perfect score in every category. Our flagship software identified 100 percent of the 2000+ malware samples used in the tests while generating zero false positives along the way, earning it VB100 certification. We're pleased to see Emsisoft Anti-Malware excelling in test conditions, and we'll continue working hard to provide the best malware protection on the planet!

    About Virus Bulletin

    Virus Bulletin is a security information portal, testing and certification body based in the UK. VB100 certification tests are designed to assess the detection capabilities of endpoint security solutions. A product that has been awarded VB100 certification can generally be trusted to provide a certain level of protection against malware. Have a good (malware-free) day! The post Emsisoft Awarded VB100 certification in April 2019 tests appeared first on Emsisoft | Security Blog.
  22. 1 point
    The server I own was recently infiltrated with the .nampohyu ransomware. I have a Synology DiskStation that I use to store my DVD and Blu-ray collection, consisting mostly of direct backups of my collection (for DVDs it's file folders each containing the .VOB files and .IFO files for each individual movie; for Blu-rays, it's a folder for each movie that contains either an .ISO file of the disc or BDMV and CERTIFICATE folders for each individual movie). The files on my DiskStation are not 'encrypted' even though the ransom note would have you believe that. While I could physically wipe the server and re-load all my movies (they are in boxes in my basement), I've discovered a time-consuming solution for myself: For the DVDs, each movie was saved in an individual folder containing the AUDIO_TS and VIDEO_TS folders from the DVD. In the folders are the .VOB files, .IFO files and .BUP files. I used command prompts to bulk remove the .nampohyu extensions from the .VOB files. I found that the existing .IFO files were corrupted, so I deleted them and renamed the accompanying .BUP files as .IFO files. This restored the functionality of the DVDs. For the Blu-rays, the ones that were saved as .ISO files, it seems that the .nampohyu ransomware corrupted the header in the .ISO file. I used the command prompt to bulk delete the .nampohyu extensions on the files. Then I purchased a program called IsoBuster, loaded the .ISO file of the movie into it, then extracted the BDMV, CERTIFICATE and whatever other files were in the .ISO file into another folder. I'm assuming this got rid of the corrupted header in the original .ISO file, because it brought the Blu-ray back to life. It is a tedious process to do this for all my movies, but at least I didn't lose my collection, and be damned if I am going to pay some thief to return to me what is rightfully mine. Hope this information helps.
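    The DVD part of the repair described in the post above (strip the appended extension, then replace a damaged .IFO with its .BUP twin) is mechanical enough to script, and scripting it lets you check each header before you trust it. The block below is an added example written for this page, not the poster's commands: it renames files back, then verifies the DVD-Video signature that every IFO/BUP starts with ("DVDVIDEO-VMG" for VIDEO_TS.IFO, "DVDVIDEO-VTS" for VTS_xx_0.IFO) and only copies a .BUP over an .IFO when the .BUP still carries a valid signature. A file whose first bytes were overwritten fails that check; one that was merely renamed passes it, which is the distinction the post is making. The sample folder tree is constructed inside the block with dummy bodies.

```python
import os
import tempfile

RANSOM_EXT = ".nampohyu"   # extension appended by the ransomware in the post

# DVD-Video signatures: VIDEO_TS.IFO begins with "DVDVIDEO-VMG", every
# VTS_xx_0.IFO with "DVDVIDEO-VTS". The .BUP file is a byte-for-byte copy
# of its .IFO, which is why it can stand in for a damaged one.
IFO_MAGIC = (b"DVDVIDEO-VMG", b"DVDVIDEO-VTS")


def looks_like_ifo(path):
    """True if the file carries a valid DVD-Video IFO/BUP signature."""
    with open(path, "rb") as f:
        return f.read(12) in IFO_MAGIC


def strip_ransom_ext(root):
    """Rename every file under root that ends in RANSOM_EXT back to its
    original name. Never overwrites an existing file. Returns the count."""
    renamed = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(RANSOM_EXT):
                continue
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, name[: -len(RANSOM_EXT)])
            if os.path.exists(dst):
                continue          # leave a name clash for manual inspection
            os.rename(src, dst)
            renamed += 1
    return renamed


def repair_ifos(root):
    """For each .IFO whose signature is gone, copy the .BUP over it if the
    .BUP still has a valid signature. Returns (restored, unrecoverable)."""
    restored, unrecoverable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".IFO"):
                continue
            ifo = os.path.join(dirpath, name)
            if looks_like_ifo(ifo):
                continue          # header intact, nothing to do
            bup = ifo[:-4] + ".BUP"
            if os.path.exists(bup) and looks_like_ifo(bup):
                with open(bup, "rb") as src, open(ifo, "wb") as dst:
                    dst.write(src.read())
                restored.append(name)
            else:
                unrecoverable.append(name)
    return sorted(restored), sorted(unrecoverable)


def build_sample_tree(root):
    """Constructed sample of one movie folder after the attack. File bodies
    are dummy bytes; only the 12-byte signatures matter here."""
    vts = os.path.join(root, "MOVIE", "VIDEO_TS")
    os.makedirs(vts)
    samples = {
        "VIDEO_TS.IFO": b"\x00" * 12 + b"junk",              # header overwritten
        "VIDEO_TS.BUP": b"DVDVIDEO-VMG" + b"\x00" * 20,      # backup intact
        "VTS_01_0.IFO": b"DVDVIDEO-VTS" + b"\x00" * 20,      # untouched header
        "VTS_01_0.BUP": b"DVDVIDEO-VTS" + b"\x00" * 20,
        "VTS_01_1.VOB": b"\x00\x00\x01\xba" + b"\x00" * 16,  # MPEG-PS pack start code
        "VTS_02_0.IFO": b"\x00" * 12,                        # both copies damaged
        "VTS_02_0.BUP": b"\x00" * 12,
    }
    for name, body in samples.items():
        with open(os.path.join(vts, name + RANSOM_EXT), "wb") as f:
            f.write(body)
    return vts


def demo():
    """Run the repair on the constructed tree; returns
    (files renamed, IFOs restored from BUP, IFOs that could not be restored)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        renamed = strip_ransom_ext(tmp)
        restored, unrecoverable = repair_ifos(tmp)
    return renamed, restored, unrecoverable


if __name__ == "__main__":
    print(demo())   # (7, ['VIDEO_TS.IFO'], ['VTS_02_0.IFO'])
```

Run the two functions against a copy of the share, not the only copy: the rename step is reversible, but copying a .BUP over an .IFO is not, and the "unrecoverable" list is where you find the titles that need the original disc rather than a rename.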
  23. 1 point
    Yes, all these actions have already been done: access to SAMBA on the router is closed, the Guest account too. The Synology software has always been updated on a regular basis, but that did not help, unfortunately, as you can see. So I am waiting for information and advice on how to decode these files; I will be grateful for your help.
  24. 1 point
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  25. 1 point
    I think the window for figuring out the keys for .hrosas expired Friday night, and the window for .verasto expired a day or two before that. Assuming Demonslay335 replied to your private message, then I assume you sent him the MAC address you posted here as well? If so, then he'll archive it for future reference (by which I mean "in case he's able to figure the decryption key out at some point in the future").
  26. 1 point
    @nneo Keys are unique per victim, and only some are lucky for me to be able to recover a key in very rare cases. Everything is explained in the first post and FAQ of the support topic: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/ If you were hit by extension .kiratos, I need this information ASAP. If any other extension, I just need it to archive.
  27. 1 point
    Hello Emsi management. I was just about to renew my licence for another year. Unfortunately that didn't work, because I didn't tick the "subscription" box. So the order process could not be completed. Don't you need your loyal private customers anymore? Then I too will, reluctantly, look around for something else, e.g. Malwarebytes.
  28. 1 point
    Hello Emsisoft and hello Thomas! I have to bring this topic up again: last year I already expressed my displeasure about the subscription variant of the licensing system. At least back then an immediate cancellation was relatively easy via the e-mail from Cleverbridge. Emsisoft has presumably noticed this too and has now removed this option as well with the new billing provider "2Checkout". When buying the renewal today, three e-mails arrived in total (1. confirmation of purchase / 2. confirmation of payment / 3. product/subscription information). None of these e-mails describes or links to a way to cancel the subscription. This business conduct no longer has anything to do with the trusting relationship and pleasant contact for questions that were usual until now! Customer loyalty is achieved not through subscriptions but through good products (which Emsisoft still makes) and sensible support. So: how can I now cancel the forced subscription immediately by simple means??? - Thanks for a prompt reply and hopefully a change to the licensing system soon - Back to the roots! Regards, Holger
  29. 1 point
    Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run. To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link: https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter).
  30. 1 point
    Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.
  31. 1 point
    You can also upload a copy of every ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ But the result will be the same link to the BleepingComputer forum, because requests from the victims are initially collected there. Demonslay335 will also receive your information if you leave it here.
  32. 1 point
    Hello. Yes, there was a malfunction and some messages may have been lost. Fortunately, the forum was promptly restored. Your files are encrypted with the new STOP Ransomware variants with the extensions .verasto and .hrosas. This STOP Ransomware has, to our general regret, already been successfully attacking users around the world for 1.5 years... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer of STOP Decrypter). You need to read the important information at the link.
  33. 1 point
    Hmmm. Well - it wasn't me. Maybe I accidentally violated an Emsisoft Forum policy inadvertently? DECRYPTION TESTS WERE SUCCESSFUL!!! If anyone is reading this into the future, I would say that you should heed GT500's advice to check out Bleeping Computer - and reach out to Amigo-A because he understands the product that decrypted for me. The advice on this forum started me on the path to a solution. I can't thank everyone here enough!
  34. 1 point
    Hello everyone, We would like to inform you that due to a corrupted MySQL database we had to restore a recent forum backup. This means that all changes made since 2019-04-25 at 18:08:37 UTC have been lost. This includes among others: Posts, topics, registrations and profile changes. We apologise for the confusion and inconvenience this may have caused you.
  35. 1 point
    Hello Icewolf, it can now be said that this is a false positive. The entry will be corrected and the change will be published in an update soon. Thank you for your support. Have a nice day!
  36. 1 point
    You are dealing with two different ransomware. ID Ransomware picked up on the "second layer" of STOP Djvu with the .adobe extension. No way to determine what the first ransomware was without the malware or ransom note from it. Support topic for STOP Djvu: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/
  37. 1 point
    Your use case is rare. Most enterprises have multiple groups. To prevent users from making changes at Workspace level by mistake, we decided to jump to the 'new computers' group by default, like in Emsisoft Enterprise Console. Sure. Please note that Emsisoft Cloud Console is a first beta; bugs and missing features exist. We are working hard to improve step by step. With this setting you can instruct Emsisoft Anti-Malware not to scan certain registry settings, as they are commonly used by system administrators, for example: "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system", "DisableTaskMgr". This is by design. A license can be linked to a user OR a Workspace. Users cannot delete Workspaces yet. We understand that you now miss certain info related to seat usage, for example. In a near-future ECC release we will improve this, like showing the devices that use the same license but have not been connected (yet). I hope this helps.
  38. 1 point
    To add to what Amigo-A said, your ID doesn't appear to be an offline ID, so the chances of being able to decrypt your files are slim. That being said, if you download STOPDecrypter, run it, and copy and paste the ID and MAC it gives you into a reply, then I can forward them to the creator of STOPDecrypter in case he is able to figure out your decryption key at some point in the future. Here's a link to instructions on how to do that: https://kb.gt500.org/stopdecrypter
  39. 1 point
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  40. 1 point
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details):
    (1) Go to the following link: https://filterlists.com/
    (2) Enter "130" in the page field.
    (3) Click the blue "Details" button on the "MVPS Hosts" line.
    (4) Click the blue "Subscribe" button.
    You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check, you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per the images. Hope this helps. Best Regards, Steen
  41. 1 point
    @Albert-S and @borstibo there is a possibility that if you remove the drives from the affected NAS and connect them to a computer that is capable of reading them (if they are formatted with either the FAT32 or NTFS filesystem then Windows computers should be able to read them), you may be able to use file recovery/undelete software to recover some of the files. Please note that this is based on an assumption, and may not be correct. The assumption is that the device is not actually infected, and that an attacker was able to gain access through a service on the NAS such as FTP or SMB, copy the files to their system, encrypt them, and then copy them back to the NAS. There's also the possibility that the files may simply have been renamed rather than being encrypted. If you want more information about the possibility of using file recovery software, then look over some of the messages that I and Amigo-A posted for Mr_Ohrberg further up in this topic.
  42. 1 point
    @ren normally I would recommend uploading a copy of the ransom note and an encrypted file to ID Ransomware in order to verify which ransomware you're dealing with; however, I believe that the "djvur" extension was only used by one of the Djvu variants of the STOP ransomware. Go ahead and follow the instructions in this post to download and run STOPDecrypter to see if it can decrypt your files. If it can't find a key for you, then it will tell you your ID and MAC, which you can paste in a reply and I can forward to Michael Gillespie (the creator of STOPDecrypter) so that he can archive your information in case he is able to figure out your decryption key at some point in the future.
  43. 1 point
    Hello Moreau, thank you very much for your positive feedback. Always happy to help, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  44. 1 point
    Hello Thomas, thank you very much for your help via PM. At least there is this "detour" to stay out of trouble. Other users are probably more adept at sorting that out with Cleverbridge. I'm quite glad that you can and want to help me. Thanks for that.
  45. 1 point
    Yes, Icewolf, like you I had also thought that Emsi would take up our criticism and fix it. Given the previously so particularly customer-friendly practice (no selling of data, no bundling of toolbars etc.), it is astonishing to me that our complaints are apparently being bluntly ignored. For every trifle, like "not translated, something missing at the edge, colour not good, adaptation to the monitor inadequate, etc.", there was eventually - usually quickly - a reaction and a fix. Now for once someone comes with a really serious criticism - and nothing happens. Well, Win10 ships with the by now more mature Defender, and since "stinginess is cool", most customers won't install additional AV software. The company management seems to see its business slipping away... I can't otherwise explain such a serious faux pas given Mr. Mairoll's philosophy up to now. Pity.
  46. 1 point
    I thought they wanted to change that? https://support.emsisoft.com/topic/30225-neues-lizenz-system-abonnement/
  47. 1 point
    For the following ransomware, we have decrypters:
    Actively spreading ransomware: MRCR or Merry X-Mas, Globe, Globe 2, Globe 3, Nemucod, Philadelphia, Stampado, Xorist
    Actively spreading ransomware, but the decrypter only works for older infections: Al-Namrood, NMoreira, LeChiffre, PClock, FenixLocker, GlobeImposter
    Inactive ransomware: 777, Apocalypse, ApocalypseVM, AutoLocky, BadBlock, CrypBoss, CryptInfinite, CryptoDefense, DMALocker, DMALocker2, Fabiansomware, Harasom, HydraCrypt, Gomasom, KeyBTC, Marlboro, OpenToYou, OzozaLocker, Radamant
  48. 0 points
    My files are infected with ransomware. The extension is (.fedasot) and I cannot find a decrypter for this. I need help to decrypt these files. I am looking for any decrypter, please help me.
  49. 0 points
    Upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ Then paste the result here and one of our experts will look at it.