GT500

Emsisoft Employee

Everything posted by GT500

  1. If that's the case, then why is it that when I look up your IP address on ID Ransomware, it shows a result for GlobeImposter 2.0? I'm fairly certain that none of the variants of Globe have been in distribution for years; however, I know that GlobeImposter 2.0 is still in distribution. Could you attach a few encrypted files and a copy of the ransom note to a reply for me?
  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. That means it is still searching for encrypted files. It will stop saying "starting" once it has found them.
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu. Fortunately, your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. We get these keys when victims who have an offline ID pay the ransom and donate their private key to us, so there's no way to know when that might happen. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  9. Then it's probably GlobeImposter 2.0 or something like that. Did you check with ID Ransomware? If it's GlobeImposter 2.0 then it should identify it accurately.
  10. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. To my knowledge there's no known way to decrypt files that have been encrypted by this ransomware.
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. I can give you any available information I have once the ransomware has been positively identified. If you're representing a business and need more in-depth support than I can provide, then we do have a paid ransomware consultation service (note that decryption is not guaranteed).
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. It's normal for there to be a file size difference between original files and encrypted files.
  17. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. There are no plans for any changes to this system. What kind of files are you trying to decrypt? Plain text files are usually not decryptable, as they would need to share the same first 5 bytes with the file pair you use (this is why the decrypter tells you the first 5 bytes of every encrypted file it can't decrypt), and plain text files only share the same first 5 bytes with other files if they start with the same 5 or 6 characters.
  19. According to ID Ransomware that's Globe 3, which we have a decrypter for: https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-version-3-of-the-globe-ransomware/ Note that the identification is based on the bitcoin address. You didn't supply enough information for a more accurate identification than that (ideally I'd need a copy of the ransom note and an encrypted file), and it is technically possible for more than one ransomware to share the same bitcoin address (such as if they are distributed by the same criminals). If you haven't already, you can run it by ID Ransomware yourself and see what it says: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  20. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  24. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  25. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/