GT500

Emsisoft Employee
  • Content Count

    13846
  • Joined

  • Days Won

    436

Posts posted by GT500

  1. 12 hours ago, Magdana said:

    When can we expect a decryption tool from Emsisoft?

    We already have one. The decrypter needs private keys, and they're in the possession of the criminals who made the ransomware. We don't have any way to get private keys unless victims who have paid the ransom send them to us.

    This should all be covered in this link to more information:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  2. 16 hours ago, phradamon said:

    Also, why is it difficult to decrypt the online variant?

    It's not difficult, it's impossible to do it without the private key for your ID, and only the criminals have access to the private keys.

    The reason is that an online ID means that the ID, public key, and private key were all randomly generated on the ransomware's command and control server. Only the ID and public key are sent to the infected computer for the ransomware to use during encryption, and the only way to decrypt files is to use the private key. Since it would take thousands of years even for the most powerful supercomputer to brute force the private keys, it's generally considered impossible to decrypt files that have an online ID.

    Offline IDs at least have a chance of being decrypted because files that have offline IDs were encrypted using an offline public key, and that public key and ID only change when the variant changes, so everyone who has the same ID can use the same private key to decrypt their files. If a victim with an offline ID pays the ransom and donates their private key to us, we can add it to our database for use by our decrypter.
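
The online/offline distinction described in the post above, as an added triage example that is not part of the original post and is not Emsisoft's decrypter code. It assumes the publicly documented convention that STOP/Djvu offline IDs end in `t1` (the page does not state this rule); `recovered_ids` and the host names are hypothetical.

```python
from collections import defaultdict

# Assumption: publicly documented STOP/Djvu convention (not stated on this page)
# that offline IDs end in "t1". Treat the result as a triage hint.
OFFLINE_SUFFIX = "t1"

def classify(personal_id):
    """Return 'offline' or 'online' for an ID copied from _readme.txt."""
    pid = personal_id.strip()
    if not pid or not pid.isalnum():
        raise ValueError(f"not a plausible ID: {personal_id!r}")
    return "offline" if pid.endswith(OFFLINE_SUFFIX) else "online"

def triage(reports, recovered_ids):
    """Map host -> (status, number of reporting hosts sharing that ID).

    recovered_ids is a hypothetical stand-in for the set of offline IDs whose
    private key has already been donated and added to a decrypter database.
    """
    hosts_by_id = defaultdict(list)
    for host, pid in reports:
        hosts_by_id[pid.strip()].append(host)
    result = {}
    for pid, hosts in hosts_by_id.items():
        if classify(pid) == "online":
            status = "online: per-victim key, not recoverable without it"
        elif pid in recovered_ids:
            status = "offline: key available, run the decrypter"
        else:
            status = "offline: key not yet recovered, retry later"
        for host in hosts:
            result[host] = (status, len(hosts))
    return result

# Constructed input: the IDs are the ones quoted on this page, the host names
# are made up, and pc-03 is added to show two victims sharing an offline ID.
REPORTS = [
    ("pc-01", "0210a7d6yUigCPpx6KxQZCQZfT8NsgOwnGDHwiQkVLy9UTt1"),
    ("pc-02", "0268AsdtrligEyeKGU0T9nphFo21tLrrH1IPRlqFBgJa1pt1"),
    ("pc-03", "0268AsdtrligEyeKGU0T9nphFo21tLrrH1IPRlqFBgJa1pt1"),
    ("pc-04", "IivnLMs8lZMAOtRe3tvVMPy6d2eVFwrLwfTIqegn"),
]

if __name__ == "__main__":
    # Hypothetical: pretend the key for the 0268... ID has been donated.
    recovered = {REPORTS[1][1]}
    for host, (status, shared) in sorted(triage(REPORTS, recovered).items()):
        print(f"{host}: {status} (hosts with this ID: {shared})")
```

One donated key for an offline ID covers every host that reports the same ID, while each online ID stands alone.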

  3. 12 hours ago, mehdimed07 said:

    Your personal ID: 0210a7d6yUigCPpx6KxQZCQZfT8NsgOwnGDHwiQkVLy9UTt1

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  5. On 12/6/2020 at 7:14 AM, 123fizh said:

    This is a new ransomware with this particular _readme.txt message

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  6. 11 hours ago, Lilluzzu said:

    No key for New Variant online ID: IivnLMs8lZMAOtRe3tvVMPy6d2eVFwrLwfTIqegn
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     

    10 hours ago, Yas said:

    Doubt anyone is out there trying to catch them either to release the private keys needed.

    Law enforcement does investigate the criminals who make/distribute ransomware. What they need are victims to report these crimes so they can properly prioritize which criminals they should focus on first, and they also need time to finish their investigations (they have to be absolutely certain they have the right people and they have enough evidence of all of their crimes). They also need to work out any jurisdictional issues, since ransomware is almost always an international crime and the countries where the most people are affected are rarely the ones the criminals are from.

  7. On 12/7/2020 at 12:50 AM, Amigo-A said:

    This is the result of the Matrix Ransomware attack.

    For those who want to see that in English, here's a Google Translate link:
    https://translate.google.com/translate?sl=auto&tl=en&u=https://id-ransomware.blogspot.com/2016/12/matrix-ransomware.html

    I would believe Zoora Savio already contacted our support via live chat; however, for anyone else who sees this, note that the Matrix ransomware isn't decryptable.

  8. On 12/5/2020 at 8:56 AM, jcena said:

    But the main problem is that I try to decrypt some other infected JPG files that were taken from mobile phones and it's not working.

    Maybe you have an idea?
    Is there a difference between JPG files?

    You're not decrypting them. Only a small portion of the beginning of each file is encrypted, and it is technically possible to repair certain files (JPG/JPEG files included) as long as the file format is tolerant of some missing data at the beginning of the file. The issue is that only certain types of files (certain videos and pictures) can be recovered like this, and while JPG images are among the formats that can technically be recovered they usually need to be repaired manually (as in someone with knowledge of the JPEG image format needs to manually repair the files). It's doubtful that you will be able to find any method of automatically repairing JPEG images that can do so reliably.

  9. On 12/5/2020 at 8:36 AM, Ahab0908070 said:

    0268AsdtrligEyeKGU0T9nphFo21tLrrH1IPRlqFBgJa1pt1

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  10. On 12/5/2020 at 7:09 PM, DOC said:

    I am having issues deploying on several computers. When installing I have to log in, then after 2 factor auth it says can't contact server for activation. I have tried uninstalling and reinstalling to no avail, even turned Windows firewall off.

    If you log in to MyEmsisoft and select your workspace, then click the blue button on the right that says Add device, you can download a copy of our installer that will automatically connect Emsisoft Anti-Malware with your workspace when installed. This should mean your license will be active without needing to log in via Emsisoft Anti-Malware itself.

    Note that in cases where Emsisoft Anti-Malware is already installed it should simply connect it to your workspace rather than trying to reinstall it.

  11. It's a false positive from Microsoft on a DIFF file (it contains the differences from one version to another) for one of BitDefender's database files. These things can be reported to Microsoft, however after a day or so there's almost no point as old DIFF files aren't used anymore, and they get superseded rather quickly (depending on how frequently a specific database file is modified of course).

  12. 17 hours ago, Ken1943 said:

    Just noticed this thread and funny thing happened to me on 12/3. I had two blue screens that day. I got a 900 mb dump file, but never questioned about it. I also had a MBAM upgrade on the same day. The first Blue Screen was at 12:13 pm Mountain time. Nothing since.

    Do the logs from either EAM or MBAM show updates happening around the time of either BSoD?

  13. On 12/5/2020 at 2:05 AM, emwul64 said:

    OTOH I assumed(!) that EAM would take over all settings relating to security, except the firewall, leaving that one to Defender.

    EAM doesn't actually change any Windows Security Center settings. Windows does that on its own.

    I did ask QA about this, and they're not aware of EAM changing this setting. We assume that like the protection in Windows Defender it gets automatically turned off by Windows under certain circumstances.

     

    On 12/6/2020 at 12:38 AM, emwul64 said:

    Thank you very much indeed. I'll switch it on as well. It is a bit strange why it was Off in the 1st place.

    I tried turning it on in a 32-bit Windows 10 VM while EAM was installed, and it simply turned back off after a reboot.

  14. 6 hours ago, Daifa said:

    No key for New Variant online ID: nd2PUiZFhxnfIdmzMZeaCGrN57BwsiRa4tg7mFvG
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  15. 18 hours ago, Rahul000007 said:

    I have cleaned my system and now try to install Emsisoft decryptor. But, I am unable to install the decryptor. It doesn't respond after I try to install it by open command or open as administrator. Kindly suggest way ahead.

    What exactly happens when you try to run the decrypter? Are there any error messages? Does the window never appear and there are no errors at all?
