GT500

Emsisoft Employee

Everything posted by GT500

  1. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. Victims of newer variants of STOP/Djvu who have online IDs will have to wait for the private keys kept by the criminals to be released publicly. At the moment there's nothing else we can do.
  7. It identifies the module in BitDefender's scanning engine which detected the file. I would believe it's there for use in false positive reports.
  8. We probably would have gone that route if we didn't have evidence that an overwhelming number of our customers don't like the notifications at all. Granted, that doesn't mean things won't change in the future as we receive feedback from our customers.
  9. I'll ask QA if anyone has plans to contact Malwarebytes.
  10. In 2020.6 we added a new service for handling reporting to the Windows Security Center. As for why exactly WSC isn't reading the status of EAM correctly, we're not certain if that's a bug on our side or Microsoft's (WSC has always been flaky). The only known fix for this issue right now is to uninstall EAM, restart the PC twice, and then reinstall EAM. We recommend downloading from MyEmsisoft if you already have an account, otherwise you can find alternate downloads at the link below: https://help.emsisoft.com/en/1597/download-installation/
  11. Why aren't you able to attach files to a post? Are they too large, or do you get a generic error message?
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. Sharing files over the network would usually be the reason for files being encrypted on other computers; however, you should still check all computers for infections. If you haven't already run an Anti-Virus scan, then you can use Emsisoft Emergency Kit: https://www.emsisoft.com/en/home/emergencykit/
  14. Were you ever able to find a proper file pair?
  15. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. You mean decrypt? If so, then it's not possible without the private key for your ID, which only the criminals have.
  20. That's correct. We only add our own tests to our database. If we detect any other tests, it's because they are in a third-party database that we use to supplement our protection.
  21. No. IDs are set before your files are encrypted, and their only purpose is to identify what private key should be used to decrypt your files. As @quietman7 explained, private keys for online IDs are randomly generated for each infected computer, so they are unique for each infected computer (unlike private keys for offline IDs, which are all identical for the same variant of STOP/Djvu). Since only the criminals have the private keys, and no one else has access to them, there's no way we can decrypt files that have online IDs. The only way that could ever change is if the private keys were released publicly so that we could add them to our database.
  22. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  23. I've been told that this change wasn't intentional, and we're creating a bug report for it.
  24. This may be the BigLock ransomware: https://support.emsisoft.com/topic/33438-corona-lock-files-can-not-find-decryptor/?do=findComment&comment=204722 You should be able to check on ID Ransomware to verify that: https://id-ransomware.malwarehunterteam.com/