Leaderboard

Popular Content

Showing content with the highest reputation since 05/18/20 in Posts

  1. Note: It is recommended to make a backup of all important files before using the decrypter. Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline. Link to instructions for using the decrypter (PDF). Link to "file pair" submission form. Link to more information about the decrypter. <- Article at BleepingComputer.com Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <
    5 points
  2. Everything is clear, except the parts that are in Russian. I'm going to send you a private message with some instructions.
    3 points
  3. Do you mean this Minimalist? https://support.emsisoft.com/topic/33516-why/?
    2 points
  4. Because the decrypter already supports it. The reason it can't decrypt files encrypted by this newer variant is due to the fact that we don't have the private key for its offline ID. We have to wait for a victim with an offline ID who paid the ransom to donate their private key to us.
    2 points
  5. Hello, The posts you found are more than 5 years old. In terms of security software that means the information there is severely outdated. In the past years considerable changes have been made to our products and currently Emsisoft Anti-Malware protects against fileless malware. Fileless malware detection has nothing to do with the reputation settings you asked about; our behavior blocker routines were adapted to adequately detect and block fileless malware a few years ago.
    2 points
  6. The issue appears to be due to non-Latin characters in workspace names. We've implemented a workaround for this, so hopefully that resolves the update issues.
    2 points
  7. We've found a minor difference in the ransomware from what we've seen previously that affected brute-forcing the key; however, we were able to do it manually. Use this key file along with the decrypter (put them in the same folder and run the decrypter): https://gt500.org/emsisoft/forum_files/2020-09-18/radansya/decryption.key
    2 points
  8. The guy in the video is basically just saying that if you pay the ransom you'll get your files back. The video, and any information in it, are utterly useless.
    2 points
  9. EAM's debug logging (which is completely different from the Forensic log) creates a lot of extra log data. It's a continual trace of what EAM is doing internally. It has to be on before the problem happens so that those logs show the logic of what EAM was doing when it hit the problem, and what it did next. Some people (me, for example) almost always have debug logging on... but I stop and start it every three or four days and throw away the accumulated log files. However whenever I have a problem I already have the logs to send to Emsisoft. Debug logging will slow your machine down
    2 points
  10. I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.
    2 points
  11. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ There is no way to know for certain, however it is theoretically possible that someone may be a
    2 points
  12. In theory it's possible, if private keys are released that can be used to decrypt files, or if someone finds a vulnerability in the way the ransomware encrypts files.
    2 points
  13. This information may help specialists. I have added even more samples to my article. We will try to analyze all incoming samples in the hope that something will change. You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists. A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you are not enough to decrypt.
    2 points
  14. In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not the base. It is clearly detected by antivirus engines as Avaddon Ransomware.
    2 points
  15. DrWeb support usually does not use the international names of ransomware.
    2 points
  16. Results of checking your files: https://id-ransomware.malwarehunterteam.com/identify.php?case=9da99e33569fe0af64a43b520f35bababd09ad3c https://id-ransomware.malwarehunterteam.com/identify.php?case=2e2e29f85fe2918c33683e2faeade22e51cf81ec https://id-ransomware.malwarehunterteam.com/identify.php?case=2f1a3356c8705f995285ab41e9456bc61f11d20e
    2 points
  17. Hello. Information was sent to virus monitoring team, please, wait for reply. I received such a message from Dr.Web specialists. They are working on decryption.
    2 points
  18. This is the general all decryptors page from Emsisoft. There is no decryptor for files encrypted by this ransomware yet. https://www.emsisoft.com/ransomware-decryption-tools/free-download
    2 points
  19. I must say more precisely: you trust Emsisoft. Personally, I only help a little to unmask the ransomware.
    2 points
  20. The ransomware doesn't need to put important information on the same hard drive/partition as the files it encrypted. This is why I recommend waiting to reinstall Windows.
    2 points
  21. Don't reinstall Windows until we know for certain what is needed to decrypt files. If there is something other than what's contained in the encrypted files and the ransom notes that's necessary for decryption, then you could wipe that out by reinstalling Windows, thus making it impossible to decrypt your files. For now just rely on Anti-Virus software to clean up the system. If you're not certain if it's clean, then let us know, and we can assist you.
    2 points
  22. Specialists of several companies (Emsisoft, DrWeb) are working on decryption of files that are encrypted by Avaddon. There are currently no decryptors and no successful decryption methods without paying the ransom.
    2 points
  23. I am waiting for the verification results. I have provided samples of files and malware, it remains to wait and hope. It is worse when they immediately say that "decoding by our forces is impossible."
    2 points
  24. My WSC does not recognise EAM either. Recommending that we should "uninstall EAM, restart the PC twice, and then reinstall EAM", on top of having to constantly disable and re-enable EAM components to deal with the still unfixed issue of excessive CPU usage, is unacceptable for a piece of software that is not exactly cheap.
    2 points
  25. I'd say turning it either on or off is optional, however Microsoft does seem to think that computers would be more secure with this option turned on.
    2 points
  26. That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/private key. Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries. Suggest you run the decrypter NOW.
    2 points
  27. We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.
    2 points
  28. Password protected archives work, as long as the password isn't posted with the link. Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't. Just keep in mind that all it takes to be allowed to download from VirusTotal is a premium account there, so technically anyone can get access to download files and thus you don't want to upload anything confidential there. We've started an analysis on it as well, however I don't think our malware
    2 points
  29. I have provided links to the analyses above. Emsisoft specialists will receive these files.
    2 points
  30. The Emsisoft Browser Security extension is now available on the Microsoft Addons store for Chromium Edge: https://microsoftedge.microsoft.com/addons/detail/jlpdpddffjddlfdbllimedpemaodbjgn Hopefully we'll be able to update EAM soon to check whether or not it's installed when you launch Chromium Edge.
    2 points
  31. In your use case it's OK to use Emsisoft Anti-Malware Home.
    1 point
  32. People have been saying that for decades, and they've always been wrong. It was almost certainly analyzed by someone on our team. I don't think we supplement with Netcraft's database on VirusTotal, or for our Surf Protection in EAM. As for the main issue, we've noticed that some Anti-Virus software companies do have a bad habit of making mistakes with reports. It's possible that the larger companies, since they handle a larger volume of reports, hire less experienced people to handle those reports rather than having the more experienced analysts handle them. We
    1 point
  33. Not necessarily. If no-one who has the WSC integration problem tests the Beta, then how are Emsisoft to know if the changes helped? Trying a Beta is a bit like being a participant in a drug trial.
    1 point
  34. Thanks sir. I think it worked, but the following error still shows: Error: No key for New Variant offline ID: tzIlR6QjAwRHl9bgqg72TtpNa8D820Lw1dW6CUt1 Notice: this ID appears be an offline ID, decryption MAY be possible in the future. This is what it says in the _readme.txt file: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all y
    1 point
  35. Hello, my laptop was hacked two weeks ago by ".nile" ransomware. All my files are encrypted with a .nile extension. I scanned my PC and I cleared my PC. I have an online ID, so the only solution is patience.
    1 point
  36. There's only 1 offline ID for the .nile variant, so anyone with an offline ID has the same ID. The odds of getting your files back are good, but it will have to wait until another victim with an offline ID pays the ransom and donates their private key to us.
    1 point
  37. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
  38. Hello, I don't know whether Chip.de did something or smuggled something in. I use GeekUninstaller myself, but I downloaded it directly from https://geekuninstaller.com/ and installed it without problems. Please download it from there. Regards, Claude Bader
    1 point
  39. Not with the STOP/Djvu ransomware. The ID is contained in the encrypted files (it gets appended to the end of each encrypted file) so there won't be any trouble figuring out which private key to use should they become available, so it's safe to reinstall Windows if you'd like to. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
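Posts 26, 34 and 39 above turn on the personal ID that STOP/Djvu appends to the end of every encrypted file: it decides which private key applies and whether that key is an "offline" one that may be donated later. The following Python script is an added example, not Emsisoft's decrypter and not code from anyone in this thread. It reads the tail of each file, pulls out the ID, tallies how many distinct IDs a victim's files carry, and flags offline IDs. Two things are assumptions rather than facts stated on this page: that the ID is the last run of 40 or more alphanumeric bytes in the file tail, and that offline IDs end in "t1" (Emsisoft's published rule for this family). The sample "encrypted files" are constructed inline; the offline ID is the one quoted in post 34, the online ID is made up.

```python
import random
import re
from collections import Counter

# Constructed inputs. SAMPLE_OFFLINE_ID is the ID quoted in post 34 above;
# SAMPLE_ONLINE_ID is a made-up 40-character ID that does not end in "t1".
SAMPLE_OFFLINE_ID = "tzIlR6QjAwRHl9bgqg72TtpNa8D820Lw1dW6CUt1"
SAMPLE_ONLINE_ID = "0123456789abcdefghijklmnopqrstuvwxyzABCD"

ID_LEN = 40
TAIL_BYTES = 1024  # assumption: the appended ID sits within the last KiB of the file
ID_RUN = re.compile(rb"[A-Za-z0-9]{%d,}" % ID_LEN)


def extract_personal_id(data):
    """Return the personal ID appended to an encrypted file, or None.

    Assumption: the ID is the last run of >= 40 alphanumeric bytes in the
    tail. If ciphertext bytes just before the ID happen to be alphanumeric
    they lengthen that run, so only its last 40 bytes are taken.
    """
    runs = ID_RUN.findall(data[-TAIL_BYTES:])
    if not runs:
        return None
    return runs[-1][-ID_LEN:].decode("ascii")


def is_offline_id(personal_id):
    """Offline STOP/Djvu IDs end in 't1' (Emsisoft's documented rule; this
    thread does not spell it out, so it is an assumption here)."""
    return personal_id.endswith("t1")


def survey(samples):
    """samples: {file name: file bytes}. Returns (Counter of IDs, names with no ID)."""
    ids = Counter()
    missing = []
    for name, data in samples.items():
        pid = extract_personal_id(data)
        if pid is None:
            missing.append(name)
        else:
            ids[pid] += 1
    return ids, missing


def report(ids, missing):
    """Human-readable lines: one per ID, a warning if several IDs, one per odd file."""
    lines = []
    for pid, n in ids.most_common():
        if is_offline_id(pid):
            kind = "offline ID (wait for the key to be recovered, retest weekly)"
        else:
            kind = "online ID (per-victim key; no decrypter)"
        lines.append(f"{pid}: {n} file(s), {kind}")
    if len(ids) > 1:
        lines.append("warning: several IDs present; one key will not decrypt all of these files")
    for name in missing:
        lines.append(f"{name}: no ID found (not an encrypted file, or a different layout)")
    return lines


def make_sample(personal_id, seed):
    """Constructed stand-in for an encrypted file: seeded pseudo-random bytes
    in place of ciphertext, then the ID, then a non-alphanumeric terminator.
    This is NOT the real on-disk layout; it only exercises the parser."""
    rnd = random.Random(seed)
    body = bytes(rnd.getrandbits(8) for _ in range(600))
    return body + personal_id.encode("ascii") + b"{"


def demo():
    samples = {
        "photo.jpg.nile": make_sample(SAMPLE_OFFLINE_ID, 1),
        "notes.docx.nile": make_sample(SAMPLE_OFFLINE_ID, 2),
        "tax.xlsx.nile": make_sample(SAMPLE_ONLINE_ID, 3),
        "_readme.txt": b"ATTENTION! Don't worry, you can return all your files!\n",
    }
    return report(*survey(samples))


if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against real files by replacing the constructed `samples` dict with the bytes of each encrypted file. A mix of IDs means the files came from more than one infection or variant, which is the situation post 27 warns about; a single offline ID matches post 36's point that everyone with that variant's offline ID shares the same key.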
  40. DrWeb has been producing free decoders for many years, and was the first to start doing it. They continue to do free decryption for their licensed users around the world. Test decryption is done for free. It is better than paying first and then being told that decryption is impossible. I made a request: the decryption service is not provided separately, only within the scope of the 'Rescue Package'. Now more computing power is required to provide a decryption service, therefore it cannot be absolutely free to all affected users.
    1 point
  41. For files that received the .avdn extension after encryption, I provided 2 different samples of the encryptor to DrWeb. In the newer version, files already receive 'random' extensions. These are other samples of the encryptor. Most likely, the newer ones will differ fundamentally from the earlier ones. I contact Dr.Web specialists as an ordinary user, but I collect and provide all available information, encryptor samples and everything else that is needed. Main link: https://legal.drweb.com/encoder/?lng=en Support works in 10 languages. Anyone can order a test decryption by providing: -
    1 point
  42. Apparently, the files were encrypted by Phobos Ransomware. You can check it yourself through the service ID Ransomware
    1 point
  43. I think the issue is more that you are taking away ALL users' freedom of choice based on statistics no one sees but yourselves. I mean, you have done that a lot: Firewall discontinued; always resetting scanners to default even though we want thorough (my scan level resets every time I restart); removing the Privacy Risk module. All based on data. We adapt because we love the product, but moderate to advanced users want more control. We do not want to be lumped in with grandpa; just let us have this one. We haven't said much about the other stuff.
    1 point
  44. Hi. So I just saw something strange: there is a phishing site that Emsisoft does detect as phishing at VT, but on my system the site is not blocked by Emsisoft. My extension at least says it's up to date, and the software database is also up to date. It's been an hour that I keep checking the URL and it is still not detected on my system. I thought the Emsisoft extension gets its database in real time from the cloud or something like that? So this kind of difference or delay is kind of strange? Regards,
    1 point
  45. There are no decrypters for this one yet. I've asked for more info, as last I've heard is a couple of weeks old. If one employee on one workstation managed to infect an entire network and get all of the company's files encrypted, then that's a major IT security failure on the part of the company. In some countries they could be held liable for that by regulatory authorities for failure to comply with information and network security regulations.
    1 point
  46. Thank you for your feedback, Raynor. We do pay attention to suggestions, and we may consider yours for future development. Have a great day!
    1 point
  47. OK, I have just tried that (I also toggled EAM yesterday as it happens, and Fast Startup is disabled on my machine) and while it worked following a restart, I've just turned the machine on again (hard boot) and it's happened again: WSC showed 'getting protection info' and the revolving circle of dots for about 2 minutes, then it gave up and now shows the yellow exclamation mark icon again. I have debug logs for this if they're of interest.
    1 point
  48. Good catch! I agree - the option should be reinstated. For those who don't like it, they can turn it off. But for those who like constant reassurance that things are working properly, hour by hour, the notification that signatures just got updated is big and obvious - much more so than the very small systray flag you'd get if signature updates have stopped for some reason.
    1 point
  49. You're welcome. If you need anything else, then let us know.
    1 point
  50. According to their manual you can uninstall it from Apps & Features: http://h10032.www1.hp.com/ctg/Manual/c06379792
    1 point