GT500

Emsisoft Employee

Everything posted by GT500

  1. Can you ZIP some of the encrypted files, and attach them to a reply or a private message for us to review? Also note that since this is a business request, if you need more in-depth support than I normally give on our forums or help with a ransomware we don't make a decrypter for, we do have a paid ransomware remediation service (decryption is not guaranteed, but you will get support from our best ransomware experts): https://www.emsisoft.com/en/tools/ransomware-recovery/inquire/
  2. I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.
  3. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. Not with the STOP/Djvu ransomware. The ID is contained in the encrypted files (it gets appended to the end of each encrypted file) so there won't be any trouble figuring out which private key to use should they become available, so it's safe to reinstall Windows if you'd like to. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Newer variants of the STOP/Djvu ransomware use RSA keys, which are impervious to most forms of attack.
  6. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ Newer variants of the STOP/Djvu ransomware use RSA keys, which are impervious to most forms of attack.
  7. For STOP/Djvu a thousand cases is an understatement. There are nearly that many new cases every day (roughly 700-800 daily submissions to ID Ransomware at least). Not that the actual number of cases matters. Decrypting even one person's files is impossible without their private key. There is an ID inside the readme files, and this ID identifies which private key should be used to decrypt your files. Public keys are used to encrypt files, and normally you won't see these. Some people do manage to find these on their computers; however, they are useless for decryption. Only the criminals have the private keys, unless you paid the ransom and they sent you a decrypter.
  8. We can't add a key we don't have. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. No. The files aren't locked or infected. They're encrypted. They need to be decrypted. The only way to do that is with the private key for your ID; however, only the criminals have that. All you'll succeed in doing by reinstalling Windows is spending a bunch of time setting up your computer again.
  10. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ There is no way to know for certain; however, it is theoretically possible that someone may be able to obtain private keys for decryption. Unfortunately it isn't possible to know if or when that may happen.
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. I assume you have AdGuard installed like @andrewek? If so, do the instructions he posted from AdGuard Support help?
  14. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. Thanks for reporting this. I'll mention it to QA, and we'll see if we can reproduce it.
  21. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  22. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  23. We already have access to as many copies of the ransomware as we want, as do law enforcement agencies. Bringing the criminals to justice does start by analyzing the ransomware; however, it is more complicated than just doing that, and takes quite a bit of time (unless the criminals make some big mistakes).
  24. Sure. Feel free to send me the download link in a private message.