GT500

Emsisoft Employee

Everything posted by GT500

  1. Apparently you have some Norton security software installed as well. Would it be possible to remove that, and see if that affects the issue in any way?
  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. That company isn't entirely honest with you. What they do is pay the ransom for you, and then lie to you. There's more information here.
  4. Yeah, that is rather fun. Especially when the guy who made the image ran off before completing it, and never returned...
  5. As far as I know they can't decrypt newer variants of STOP/Djvu when the files have online IDs, however @Amigo-A may know more.
  6. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. Most ransomware will use methods of erasing or overwriting files that don't allow them to be recovered. You can try file recovery software (I'd recommend something free such as Recuva or one of the others from this list), however I wouldn't expect the odds of this working to be very high. After all, if this were possible in most cases, the criminals would be pretty upset about people getting their files back and would quickly fix it.
  8. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. I recommend keeping an eye on BleepingComputer's news feed, as if there are any major developments with this ransomware (such as decryption keys being released) they will almost certainly report on it: https://www.bleepingcomputer.com/
  10. I took a look at one of the files you uploaded to ID Ransomware:

      Beznazwy-12.pdf.id[48DD8B75-2415].[[email protected]].Caley.no_more_ransom
      How Recovery Files.txt

      The extension .no_more_ransom and the ransom note appear to be from the Rapid ransomware, however the rest of the changes to the file name look like Phobos. It looks like your files were encrypted by more than one ransomware. It's not possible to decrypt files that have been encrypted by this version of Rapid, and as far as I am aware there's still no way to decrypt files that were encrypted by Phobos.
  11. The only instance I could think of where Silent Mode might potentially activate for more than one user is on a terminal server. In a situation where every user is on a different physical workstation, the only way for Silent Mode to be toggled on for multiple users would be for someone to manually toggle it on in a policy for those workstations in Emsisoft Cloud Console (via my.emsisoft.com). Manually turning Silent Mode on, and then back off, should clear the issue and allow updates to be installed. If you have the workstations connected to Emsisoft Cloud Console (ECC), then edit the policy for the workstations, scroll down to the Advanced section, and the toggle for Silent Mode should be the first setting in that section. Workstations that are turned on should sync with ECC right away. This usually only takes a few seconds, however that can depend on the Internet connection.
  12. OK. I've forwarded your logs to QA. Please note that it could take some time for them to review your logs with our development team.
  13. I also recommend reporting this incident to your country's national law enforcement: https://www.nomoreransom.org/en/report-a-crime.html
  14. IDs are assigned to files when they are encrypted, and they can't be changed. The only way we'll get private keys for decryption is from the criminals. Either security analysts will compromise their server and liberate their database of keys, or law enforcement will catch them and release the database for use in decrypters. With this ransomware, I assume the latter is more likely.
  15. We're always glad to hear that. Please be sure to invest in a good Anti-Virus software to help keep this from happening again. @xminh @Leela and @babister this is a newer variant of STOP/Djvu, and all of you have online IDs, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. If you have files you've downloaded that have been encrypted, and you can re-download the originals, then you can use them as your file pairs to help you recover some of your other files. This will work with many types of files, however it won't work with JPEG/JPG pictures, as there's an oddity with the JPEG file format that requires the pictures used in the file pair to be from the same source as the pictures you want to decrypt.
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This means there was no decryption key for your ID in our database, which is usually due to your files having an online ID. If you have an older variant, then you just need to supply file pairs to our online submission form. If you have a newer variant, and you have an online ID, then there's currently no way to decrypt files. You can find more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. It was never live. It wouldn't help you recover your files anyway.
  21. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/