GT500

Emsisoft Employee
  • Content Count

    10274
  • Joined

  • Days Won

    291

Posts posted by GT500


  1. 14 hours ago, Zubair Shah said:

    I am in trouble, my all data has been encrypted by (.masodas) could you please help me any one?

    That's more than likely STOP/Djvu, and we have a new decryption service to aid with recovering files (as Amigo-A already pointed out). There is more information and instructions on using the service at the following link:
    https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/


  2. 12 hours ago, mahmo said:

    but i just wondered about the other files which are still being encrypted if is there will be any another solution soon?
    as i think it's not offline key that encrypt my files

    This new decrypter is capable of decrypting files that were not encrypted using an offline key, however it requires a little help. You need to have a few original (unencrypted) files and encrypted copies of the same files (called "file pairs") in order to upload to our decrypter page so that it can learn how to decrypt some of your files. Note that this doesn't work for all files, for instance if you upload a file pair for a PNG image, then the decrypter will be able to decrypt any other PNG pictures on your computer that were encrypted at the same time, however it won't be able to decrypt anything else, so you'll need file pairs for each type of file you need to decrypt.

    The BleepingComputer article has more detailed information and instructions on how to use the decrypter.
    https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/


  3. Remove KMS and any pirated software, then run the DSIM /CheckHealth and DSIM /ScanHealth commands and the SFC SCANNOW command, make sure the computer is restarted if any repairs were made, and then if the firewall still isn't running try the Microsoft firewall repairs again.

    Note: KMS is known to install malware on computers, and it is rather common for victims of the STOP/Djvu ransomware to have been compromised shortly after installing KMS.


  4. 9 hours ago, Mehdi said:

     .karl ransomware . I need to decrypt my files. can anyone suggest me the way to recover my data.

    In most cases, with that variant of STOP/Djvu, it's not going to be possible. If you're lucky enough that the ransomware couldn't contact its command and control servers then there's a possibility, however there are no guarantees.