GT500

Emsisoft Employee
Everything posted by GT500

  1. @saeed and @AZAD you both have online IDs. Without knowing whether your files were encrypted by an older or newer variant of STOP/Djvu, I can't tell you whether or not your files will be recoverable. If it's an older variant then you just have to supply file pairs to our submission form. If it's a newer variant, then there's nothing we can do. The information at the following link should help you determine that: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. The form of encryption used in newer variants isn't susceptible to the use of file pairs. Normally, with the type of encryption it uses, it's secure enough that there's no way to decrypt files without the private key. The only alternative is waiting tens of thousands of years for a supercomputer to brute force the key.
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. Right now the only possibility (beyond paying the ransom) is if law enforcement is able to catch the criminals and release their database of private keys for us to add to our decryption service.
  6. After a quick look at their website, I see the statement "We gurantee Ransomware recovery from all types of ransomware." I can tell you right now that this statement is 100% false. There are plenty of ransomwares where the only data recovery method is paying the ransom, so the odds are pretty good that when someone doesn't have a free decrypter they can use that they just pay the ransom without telling you and then charge you more than you would have had to pay the criminals.
  7. I'm personally not familiar with this company, however I'll ask our team and see if anyone else is.
  8. They can also buy lists of known phone numbers.
  9. Michael confirmed what I said about the decrypter. It doesn't try to validate the ID, it just requests a key for the ID from our database. If no key is found, then an error is displayed.
  10. It looks like there's nothing we can do about Nemty at the moment. We understand the technical details about how the encryption works, and in theory we know how to make a decrypter, but we don't know for certain if we could do any better than Tesorion because we can't analyze their decrypter. Our best guess right now is that the file you're trying to decrypt is a type of file that Tesorion's decryption service isn't familiar with, and thus it can't verify if it was able to decrypt the file properly. If there's a way to contact them about it, then that might be the best course of action, as only they know for certain how their decryption service works.
  11. That looks like a little more than a normal STOP/Djvu ID. If part of it is a STOP/Djvu ID, then it certainly doesn't appear to be an offline ID.
  12. I was told that this ransomware looks secure, but we may need to take a closer look at it to verify that.
  13. This appears to be the "Good" ransomware: https://id-ransomware.malwarehunterteam.com/identify.php?case=299ed861e39cc9be8b3c76ffb5163b5ce276ad89
      As far as I am currently aware, there are no known ways to decrypt files yet.
  14. I'm fairly certain there's still no way to decrypt files that have been encrypted by Sodinokibi.
  15. Unless you happen to find ransom notes that have offline IDs in them, then your files more than likely all have online IDs. The easiest way to tell is just to run the decrypter and see if it can decrypt any of your files, although in the case of .derp we may not have the offline key for it yet, but at least the IDs will appear in the decrypter's output.
  16. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. An online ID is one generated by the command and control servers for the STOP/Djvu ransomware when it infects your computer. If you have one, then it means that the command and control servers also generated a random set of keys, which were used to encrypt your files. This means recovery of your data is currently not possible. There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. You've done just about everything I can think of to repair the Windows Firewall. The only other thing I can think of is Windows Repair (All In One), however it does have a ton of extra fixes that aren't going to be necessary, and it does like to add a startup item so that it can display an icon in your System Tray/Notification Area. There's also a good possibility that it may not work either. If that doesn't fix it either, then it's possible that someone at BleepingComputer may know how to fix this. There's also Tech Support Forum and the StackExchange tech sites, and some pretty good experts hang around both of those websites and answer questions. I'll ask one of our ransomware analysts and see what they say about this.
  19. Doing this may break some applications that use the HOSTS file for blocking bad websites, however beyond this it shouldn't have any negative side effects, and it is safe to delete the HOSTS file if you aren't using it to block bad websites.
  20. I don't think the decrypter is checking to see if it's an online ID, it's just checking to see if we have a decryption key for the ID. If our database has no key for the ID, then that error is returned. It's possible that the decrypter doesn't check whether IDs are online or offline because we don't actually know 100% of the IDs, however I'd have to ask to confirm that.
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. You can attach log files to a reply here. When you click in the field to type your reply, you can drag and drop files into the reply field, or you can access the attachment controls at the bottom.
  24. I'll ask to see if ID Ransomware's detection was correct.
  25. File: C:\Users\GT500\Desktop\FIFA14-DIE.py.bora
      Error: Unable to decrypt file with ID: kL5msMZjKKEario4wMBSiaOyOHwUoC5omWEHNDHr
      That's an online ID. There's no way to decrypt it.
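Posts 3 and 17 above rest on one cryptographic point: a "file pair" (an original file plus its encrypted copy) only helps when the keystream that encrypted it was reused for other files, and it is useless when every file gets its own random key that the victim never sees in the clear. The following Python is an added illustration of that general principle, written for this page; it is not Emsisoft's decrypter, not an analysis of STOP/Djvu's actual cipher, and the toy SHA-256 counter-mode keystream, the fixed key/nonce values and the two sample "victim" files are all constructed here for the demonstration.

```python
import hashlib
import os

# Constructed sample files standing in for a victim's data (not from the thread).
# FILE_A is the "file pair": the victim still has its original on a backup drive.
# FILE_B exists only in encrypted form and is what we hope to recover.
FILE_A = b"Original copy of photo A, still present on the victim's backup drive."
FILE_B = b"Photo B: the victim only has the encrypted copy of this file."


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (a stand-in for a real stream cipher)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_from_pair(plain_copy: bytes, enc_copy: bytes, other_enc: bytes) -> bytes:
    """File-pair recovery. XORing a known plaintext with its ciphertext yields the
    keystream bytes that were used. If that same keystream was reused for another
    file, XORing it into that file's ciphertext gives back its plaintext, up to
    the length of the pair. If the keystream was not reused, the result is noise."""
    ks = xor_bytes(plain_copy, enc_copy)
    n = min(len(ks), len(other_enc))
    return xor_bytes(other_enc[:n], ks[:n])


def shared_keystream_scenario():
    """Weak scheme: one fixed key and nonce reused for every file on the machine.
    Returns (expected plaintext of FILE_B, what the file pair recovers)."""
    key, nonce = b"\x01" * 32, b"\x02" * 16  # constructed, deliberately reused
    enc_a = encrypt(key, nonce, FILE_A)
    enc_b = encrypt(key, nonce, FILE_B)
    return FILE_B, recover_from_pair(FILE_A, enc_a, enc_b)


def per_file_key_scenario():
    """Stronger scheme: a fresh random key per file. The pair still reveals FILE_A's
    keystream, but that keystream has no relation to FILE_B's, so the 'recovered'
    bytes are garbage. In a real hybrid scheme each per-file key is additionally
    wrapped with the attacker's public key, so only the private-key holder can
    unwrap it; that is the 'no way without the private key' situation in post 3."""
    nonce = b"\x02" * 16
    enc_a = encrypt(os.urandom(32), nonce, FILE_A)
    enc_b = encrypt(os.urandom(32), nonce, FILE_B)
    return FILE_B, recover_from_pair(FILE_A, enc_a, enc_b)


if __name__ == "__main__":
    expected, got = shared_keystream_scenario()
    print("shared keystream, file pair recovers FILE_B:", got == expected)
    expected, got = per_file_key_scenario()
    print("per-file keys, file pair recovers FILE_B:   ", got == expected)
```

Run it and the first scenario reports True while the second reports False: the file pair is only as good as the amount of keystream it exposes, and when keys are unique per file (and wrapped for the attacker's private key) there is nothing for a decrypter to reuse, which is why the posts above direct offline-ID cases to the key database and online-ID cases to "not currently recoverable".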