GT500

You're welcome.

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

First and foremost, do you know what version of Gandcrab? Also, when you run our STOP/Djvu decrypter, does it show you the ID for your encrypted files that end in .blower?

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

You need to upload file pairs via our online submission form so that our decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter Note that the old STOPDecrypter won't be able to decrypt your files, however the Emsisoft STOP/Djvu decrypter should be able to once "trained" with proper file pairs.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

That looks like Phobos, which appears to be the result you got when checking with ID Ransomware. Unfortunately Phobos isn't decryptable.

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Traduzione fornita da Google: Questo potrebbe essere il Dharma. Ti consiglio di caricare una copia della nota di riscatto insieme a un file crittografato su ID Ransomware in modo da poter verificare con quale ransomware hai a che fare: https://id-ransomware.malwarehunterteam.com/ È possibile incollare un collegamento ai risultati in una risposta se si desidera che li riveda.

This may be Dharma. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.

That's not a download link. Are you able to attach a few files to a reply to this topic? Only authorized helpers can read them.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

That's not an RSA private key. That's not even an RSA public key. That looks like a CLSID, which has nothing to do with encryption.

.mado indicates a variant of the STOP/Djvu ransomware, and we already have a decrypter for that. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Can you attach one of the file pairs you used to a reply so that we can look at them?

That's not possible with newer variants of the STOP/Djvu ransomware. They use RSA keys.

You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Google tarafından sağlanan çeviri: Bu daha yeni bir STOP / Djvu varyantıdır ve kimliğiniz çevrimiçi bir kimliktir, bu nedenle şu anda dosyalarınızın şifresini çözmenin bir yolu yoktur. Aşağıdaki bağlantıda daha fazla bilgi var: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Our software isn't listed as being vulnerable, and I am not aware of any reports of our software being vulnerable.

@haydn and @MJmusicguy just to confirm, the crashes stopped completely for both of you after disabling Web Protection and restarting your computers? What versions of Windows did this happen on? 32-bit or 64-bit? Did the crashes usually happen when you were doing something specific (browsing the Internet, watching online videos, playing online games, using a VPN, etc)? What sort of network adapters are you using to connect to the Internet (ethernet/hardwired, wireless, USB cellular/mobile broadband card, etc)?

Are you adding the exclusions directly in Emsisoft Anti-Malware, or in your workspace settings in MyEmsisoft (my.emsisoft.com)?