Leaderboard

  1. GT500 (Emsisoft Employee)
    • Points: 142
    • Content Count: 14248

  2. Amigo-A (Member)
    • Points: 64
    • Content Count: 1554

  3. stapp (Global Moderator)
    • Points: 15
    • Content Count: 3616

  4. Frank H (Emsisoft Employee)
    • Points: 13
    • Content Count: 1769


Popular Content

Showing content with the highest reputation since 06/13/20 in all areas

  1. Note: It is recommended to make a backup of all important files before using the decrypter. Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline. Link to instructions for using the decrypter (PDF). Link to "file pair" submission form. Link to more information about the decrypter. <- Article at BleepingComputer.com Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <
    5 points
  2. Everything is clear, except the parts that are in Russian. I'm going to send you a private message with some instructions.
    3 points
  3. Do you mean this Minimalist? https://support.emsisoft.com/topic/33516-why/?
    2 points
  4. Because the decrypter already supports it. The reason it can't decrypt files encrypted by this newer variant is due to the fact that we don't have the private key for its offline ID. We have to wait for a victim with an offline ID who paid the ransom to donate their private key to us.
    2 points
  5. Hello, The posts you found are more than 5 years old. In terms of security software that means the information there is severely outdated. In the past years considerable changes have been made to our products and currently Emsisoft Anti-Malware protects against fileless malware. Fileless malware detection has nothing to do with the reputation settings you asked about; our behavior blocker routines were adapted to adequately detect and block fileless malware a few years ago.
    2 points
  6. The issue appears to be due to non-Latin characters in workspace names. We've implemented a workaround for this, so hopefully that resolves the update issues.
    2 points
  7. We've found a minor difference in the ransomware from what we've seen previously that affected brute forcing the key, however we were able to do it manually. Use this key file along with the decrypter (put them in the same folder and run the decrypter): https://gt500.org/emsisoft/forum_files/2020-09-18/radansya/decryption.key
    2 points
  8. The guy in the video is basically just saying that if you pay the ransom you'll get your files back. The video, and any information in it, are utterly useless.
    2 points
  9. EAM's debug logging (which is completely different from the Forensic log) creates a lot of extra log data. It's a continual trace of what EAM is doing internally. It has to be on before the problem happens so that those logs show the logic of what EAM was doing when it hit the problem, and what it did next. Some people (me, for example) almost always have debug logging on... but I stop and start it every three or four days and throw away the accumulated log files. However whenever I have a problem I already have the logs to send to Emsisoft. Debug logging will slow your machine down
    2 points
  10. I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.
    2 points
  11. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ There is no way to know for certain, however it is theoretically possible that someone may be a
    2 points
  12. In theory it's possible. If private keys are released that we can use to decrypt files, or if someone finds a vulnerability in the way the ransomware encrypts files.
    2 points
  13. This information may help specialists. I have added even more samples on my article. We will try to analyze all incoming samples in the hope that something will change. You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists. A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt.
    2 points
  14. In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not base. It is well defined by antivirus engines as Avaddon Ransomware.
    2 points
  15. DrWeb support usually do not use international names of ransomware.
    2 points
  16. Results of checking your files: https://id-ransomware.malwarehunterteam.com/identify.php?case=9da99e33569fe0af64a43b520f35bababd09ad3c https://id-ransomware.malwarehunterteam.com/identify.php?case=2e2e29f85fe2918c33683e2faeade22e51cf81ec https://id-ransomware.malwarehunterteam.com/identify.php?case=2f1a3356c8705f995285ab41e9456bc61f11d20e
    2 points
  17. Hello. Information was sent to virus monitoring team, please, wait for reply. I received such a message from Dr.Web specialists. They are working on decryption.
    2 points
  18. This is the general all decryptors page from Emsisoft. There is no decryptor for files encrypted by this ransomware yet. https://www.emsisoft.com/ransomware-decryption-tools/free-download
    2 points
  19. I must say more precisely -> You trust Emsisoft. Personally, I only help a little to unmask the ransomware.
    2 points
  20. The ransomware doesn't need to put important information on the same hard drive/partition as the files it encrypted. This is why I recommend waiting to reinstall Windows.
    2 points
  21. Don't reinstall Windows until we know for certain what is needed to decrypt files. If there is something other than what's contained in the encrypted files and the ransom notes that's necessary for decryption, then you could wipe that out by reinstalling Windows, thus making it impossible to decrypt your files. For now just rely on Anti-Virus software to clean up the system. If you're not certain if it's clean, then let us know, and we can assist you.
    2 points
  22. Specialists of several companies (Emsisoft, DrWeb) are working on decryption of files that are encrypted by Avaddon. There are currently no decryptors and no successful decryption methods without paying a ransom.
    2 points
  23. I am waiting for the verification results. I have provided samples of files and malware, it remains to wait and hope. It is worse when they immediately say that "decoding by our forces is impossible."
    2 points
  24. My WSC does not recognise EAM either. Recommending that we should "uninstall EAM, restart the PC twice, and then reinstall EAM", on top of having to constantly disable and re-enable EAM components to deal with the still unfixed issue of excessive CPU usage, is unacceptable for a piece of software that is not exactly cheap.
    2 points
  25. Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection. Do not delete the ransomware infection The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Fi
    2 points
  26. Hello @Elmer This is the result of an attack by the 'STOP Ransomware' program. The extortionists who distribute this malicious program have been operating with impunity for 3.5 years. Interpol and secret services are involved in dirty politics and do not want to direct their efforts against the extortionists. Emsisoft Decryptor can decrypt files, but only if there is a "t1" (offline ID) at the end of the ID. Your ID also has "t1". But this will become possible only after the decryption key of this variant is added to the Decryptor. When this will happen, it is impossible to predic
    1 point
  27. I can only add that 'Crackithub.com', 'kmspico10.com', 'crackhomes.com', 'piratepc.net' are some of the STOP Ransomware distribution sites. Any program downloaded from there can be infected with this ransomware. Moreover, if you run the same malicious file again, the malware may receive an update and the files will be encrypted with a newer version. Independent experiments show that these sites also distribute other ransomware, so files can be encrypted by several different encryptors, and the encryption can be looped. We have seen samples of encrypted files that were encrypted every ti
    1 point
  28. No. Your files aren't infected, they're encrypted. Just make sure the ransomware itself has been removed from your computer first, because it will continue to encrypt files if it's still running. Emsisoft Emergency Kit can detect and remove it. https://www.emsisoft.com/en/home/emergencykit/ You can save them wherever you want. My only recommendation is to keep them saved on a device that you don't keep connected to your computer, and it's not a bad idea to have two or more backup copies just in case anything happens to one of them. Probably not. Most ransomw
    1 point
  29. You need to post here: https://support.emsisoft.com/forum/6-help-my-pc-is-infected/ There are instructions at the top of that forum about the information you need to provide. Good luck!
    1 point
  30. Please don't post malicious links on our forums. If you would like for us to analyze a file, or a malicious URL (aka. link), then run it through VirusTotal and post the link to the analysis here for us to review. We can download files from VirusTotal, so anything you upload there we have access to.
    1 point
  31. That usually means the decrypter was able to decrypt the file. Was there any other output?
    1 point
  32. Can you copy the output from the decrypter and paste it into a reply?
    1 point
  33. We found the issue, thanks to the logs @JeremyNicoll sent me last night. This happens when you have enabled the notification "Application restarts" (disabled by default). When an app restart is required, like yesterday, and you do not touch the notification and the counter goes down to 0, no app restart is performed. We will fix this in the upcoming 2021.1 version.
    1 point
  34. This is a scam. Please do not contact this person.
    1 point
  35. Hello, my laptop was hacked yesterday by ".nile" ransomware. All my files are encrypted with a .nile extension. I scanned my PC and I cleared my PC. I guess I have an offline ID. Personal ID: "tzIlR6QjAwRHl9bgqg72TtpNa8D820Lw1dW6CUt1" I tried Emsisoft Decryptor for STOP Djvu but it did not work. What should I do? Please help me.
    1 point
  36. I used the decrypt_STOPDjvu app to decrypt my files. This error showed up: File: E:\nile ransomware affected files\Maths[A level]\Applied_Maths\PROBABILITY THEORY VIDEO-01.mp4.nile Error: No key for New Variant offline ID: tzIlR6QjAwRHl9bgqg72TtpNa8D820Lw1dW6CUt1 Notice: this ID appears be an offline ID, decryption MAY be possible in the future Does that mean I can still have hopes of getting my files back? I have an exam in October, so I need these files to be decrypted quickly. When can I get my files back, sir? You guys are my last hope, my heroes. Please help.
    1 point
  37. Well, I wouldn't, Stapp - I'd expect it to pause for 60 minutes and stay that way if I reboot, until 60 minutes has elapsed - if I wanted it to pause until reboot, I'd use that option instead. I also notice now that Shut Down Protection re-enables itself after reboot as well - has it always been like this?
    1 point
  38. If you are using Windows 7 please make sure you are using the latest .Net Framework update. https://dotnet.microsoft.com/download/dotnet-framework
    1 point
  39. @Raynor did you check the new column chooser yet? Sortings are saved now.
    1 point
  40. @jaffar Thank you, I was able to confirm the key works for your files with that ID. I have added it to the server for the .rote extension. You may simply re-run the decryptor, and it should be able to decrypt some of your files now.
    1 point
  41. Sir, is there any possibility that the decrypter will be made in the future?
    1 point
  42. See: https://help.emsisoft.com/en/1597/download-installation/
    1 point
  43. I don't think you were incorrect, I just think you didn't know about how it works. Taken from here, have a little read. https://www.online-tech-tips.com/windows-7/run-old-programs-in-64-bit-windows-7-with-compatibility-mode-options/
    1 point
  44. You'll have to wait for @Amigo-A as I have no contacts at Dr. Web.
    1 point
  45. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
  46. Ok, thank you sir. I always trust you, and I'm waiting only for your AVADDON decrypter. I never trust them. Please consider my request. Shall I reinstall Windows or not? Because until AVADDON affected my PC, I used Windows 7 Professional. Now it has expired and is not secure, so I'm going to upgrade to 10. Are there any problems for my important ransomware-affected files if I upgrade my Windows? Please sir... answer. Should I keep those files on the same PC with the same Windows, or can I move them to another disk?
    1 point
  47. For your own safety and security, never ask for files from people you don't know. In this case, you would have merely reinfected your computers, and run the risk of making your problems even worse. Stick with solutions from the experts, and if someone promises a "solution" then give us a chance to verify it first. Our goal is to try to thwart these criminals and keep everyone safe, and if there's anything we believe has a reasonable chance of helping you then we'll let you know.
    1 point
  48. @SalasKafa Try running the decryptor again; we may have just received a key for that ID recently. 😉
    1 point