GT500

Emsisoft Employee
  • Content Count

    10733
  • Joined

  • Days Won

    297

Posts posted by GT500


  1. 14 hours ago, manish657 said:

    Your personal ID:
    0184Asd374y5ADfyPEdCzaGCjzY49JXD7N2aGZvZyXuXR2bTTB83

    I have taken the backup of all the Encrypted Files of .mbed extension. 

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     

    14 hours ago, manish657 said:

    Can I reinstall the Windows ?

    It's not necessary with this ransomware, however you may reinstall Windows if you'd like to. Just be sure to make a backup of your encrypted files first.

     

    14 hours ago, manish657 said:

    Will my Data be Decrypt whenever the Private Key available ?

    There is always a chance that private keys may be released at some point in the future, so we generally recommend keeping a backup of your encrypted files in case decryption is possible at some point in the future.


  2. Your ID is an online ID, however I don't know if you have an older variant or newer variant of STOP/Djvu. If it's an older variant then decryption of files should be possible, however if it's a newer variant then it won't be possible. There is more information at the following link, which should help you determine if you have an older variant:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  3. This is a PowerShell-based ransomware. In October they started distributing it in malicious Word documents via spam e-mails. There's more information at the following link:
    https://www.bleepingcomputer.com/news/security/ftcode-powershell-ransomware-resurfaces-in-spam-campaign/

    Unfortunately I don't know of any way to decrypt files for free. The encryption method they use appears to be secure. I'll ask if there are any possibilities, however I don't expect any.


  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  5. 16 hours ago, ammar85 said:

    my files encrypt with ( .nasoh) and I try your tools djvu but not working

    Error: Unable to decrypt file with ID

    .nasoh is an older variant. You didn't post your ID, however the error you mentioned usually means that you have an online ID. With older variants you will need to supply file pairs to our online submission form in order for the decrypter to "learn" how to decrypt your files. There's more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  6. 16 hours ago, gindra said:

    help. all my files are encrypted. :( i got .gesd virus. I got a FI4 id but decryptor couldnt decrypt my files.

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  7. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  8. 8 hours ago, imazan said:

    .MOSK ransomef**k is get encrypt my hole computer, d**n it!!

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  9. 11 hours ago, slimani said:

    [+] Loaded 57 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: P2hwOTW83dbp0WQM2ETXYH4PP3mGURBAXcJLfais
    [*] MACs: 00:FF:1D:08:F7:A4, 00:25:64:B1:A1:3E
    This info has also been logged to STOPDecrypter-log.txt

    Michael Gillespie's old STOPDecrypter shouldn't be used anymore. He's helped us develop a new decrypter that will be able to recover files for more people than STOPDecrypter was able to. There's more information available at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    Note that you have an online ID, and if you have an older variant of STOP/Djvu then you will need to supply file pairs to our online submission form. All of this is covered in the information at the above link.


  10. 18 hours ago, Yuselita said:

    I hope there's an update decryption tool for this new type of ransomware with online key.

    That would only be possible if someone were to release the private keys for us to add to our database for our current decrypter.

     

    16 hours ago, Hafid said:

    anyone can help me with this ransom virus?

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/