GT500

Emsisoft Employee
  • Content Count: 11469
  • Days Won: 330

Everything posted by GT500

  1. This is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. I already replied to your post in another topic: For those of you with offline IDs, we have to wait until someone who has the same variant you have and also has an offline ID pays the ransom and donates to us the decrypter that the criminals send them, so we can extract the private key from it. There's no way of knowing when this will happen, so please be patient. Just keep in mind that those with an offline ID have a fairly good chance of recovering their files once we have the private key.
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. That's correct. I usually recommend subscribing to BleepingComputer's newsfeed, as they will usually report on things like this. BleepingComputer's homepage: https://www.bleepingcomputer.com/ BleepingComputer's RSS feed (should work in most feed readers): https://www.bleepingcomputer.com/feed/
  5. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Translation provided by Google: You need to upload file pairs through our online submission form so that the decrypter can be "trained" on how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. That's up to you. The criminals behind this ransomware have been operating for more than a year, and we have no way of knowing if or when they will be arrested.
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. It's probably best to post messages in English, as this is an English help forum and it's the most commonly spoken language among those who ask for help here.
  9. This is a newer variant of STOP/Djvu, and if your ID is an online ID then there's currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. Did you try the STOP/Djvu decrypter? There's more information about it at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. Never mind, stapp let me know that you've already posted in the beta section and Frank didn't need the logs.
  13. Have you identified the ransomware? If not, you can use ID Ransomware to do so. https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  14. Do you have debug logs? BTW: If it happens again, disable self-protection in EAM, and save a dump of a2start.exe using Process Hacker or Process Explorer. Some other users have reported similar issues with the current stable build, and we're waiting on process dumps to see if they show what's going on.
  15. QA says we're waiting for process dumps from anyone who is still affected by this. They are also curious if the issue is still present after disabling the Web Protection and restarting the computer.
  16. This is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. This is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. Fixlist files are custom scripts intended to only be run on a single computer. A fixlist written for someone else probably won't do anything useful on your computer, and could even potentially cause harm depending on what's in it, so only run a fixlist for FRST if a helper or support representative qualified to write one specifically asks you to do so. As for the other FRST logs you posted, was there something specific you wanted me to look for? At first glance I'm not seeing any obvious signs of infection.
  19. This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. We know how it works. It uses Salsa20 encryption with RSA keys. The issue is that RSA keys are impervious to most attacks, and highly resistant to brute force attacks, so there's no feasible way to decrypt your files unless you have the private key that was generated by the command and control servers. Since the private key never leaves the servers (unless you pay the ransom) and brute forcing it would take even a supercomputer thousands of years, there's nothing that can be done unless law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters. Actually, the speed is because they only encrypt part of each file. That's why the time needed to encrypt files doesn't vary based on file size.
  23. No, my recommendation had nothing to do with our decrypter. I was recommending basic security procedures to secure your NAS device. Some analysts believe that MegaLocker infects the NAS device in order to encrypt files, and resetting the NAS device to defaults, flashing the firmware, and then resetting it again should get rid of any malicious code that has been executing on the device. Since UPnP can be used maliciously to change settings on your router, and since your NAS may use it to ask your router to forward ports that would put it at risk, it should always be disabled. Since the guest account on Synology NAS devices (and other similar devices that have been affected by MegaLocker) is the account that is being abused by MegaLocker when it performs its attack, this account should be disabled. Since this account is not needed to access files on your NAS, disabling it should not cause any problems with accessing your files. Lastly, the SMB protocol is not one that is known for security or safety, and SMB ports should never be forwarded in your router to any device on your network, as this allows direct attacks against those devices via the Internet.
  24. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  25. I wasn't able to, however I haven't heard anything from QA. They may be waiting for more debug information. Has anyone tried the current beta to see if that helps? https://blog.emsisoft.com/en/36012/emsisoft-anti-malware-2020-4-beta/