Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 09/14/21 in Posts

  1. Hello @KYO, Welcome to the Emsisoft Support Forums. That extension is used by STOP(DJVU). Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ I understand it is frustrating, but currently, we cannot decrypt files that we do not have the Private Encryption Key in our Database. There's the possibility that law enforcement may be able to catch the criminals and release their database of private keys, meaning that you could try again using the tool in few weeks in case something changed. We do not recommend paying the ransom unless there is absolutely no other choice. 22% of those who paid a ransom never got access to their data. 9% said they got hit with additional ransom demands after paying. We’re talking about criminals, after all. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. Please review our Protection Guides at your leisure, they contain several tips on protecting your computer and data. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ Please consider subscribing to a reliable anti-malware application to avoid similar issues in the future. You can get our full version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/pricing/ I know it’s a big loss for you. We are glad to offer this service for free and help as much as we can, but there is not always an immediate resolution for all the cases.
    1 point
  2. China, Romania, Russia, and Turkey are just 4 such countries. Criminals don't care about your data, they only care about how big their bank accounts are. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. Please review our Protection Guides at your leisure, they contain several tips on protecting your computer and data. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
    1 point
  3. Because these criminals operate in countries that turn a blind eye to their activities, as long as they do not target systems inside said country. Until these countries stop providing a safe haven for these criminals to operate from, this is not going to stop any time soon.
    1 point
  4. Hello @SalasKafa, Thank you for contacting Emsisoft Support. TOPI is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Any ID ending in t1 is an Offline ID anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple Ids, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files. Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the TOPI variant of STOP/DJVU.
    1 point
  • Who's Online   0 Members, 0 Anonymous, 49 Guests (See full list)

    • There are no registered users currently online
×
×
  • Create New...