GT500

Emsisoft Employee

Everything posted by GT500

  1. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. I'm not aware of a size limit, however I have asked the developer who made the decrypter about this to confirm.
  3. Don't trust random videos or articles that you find online for help. They usually get things wrong, and often don't give good advice. For instance, there is no decrypter that can decrypt "any type of file". Stick to advice from experts, and when in doubt make sure your source of information is one of the partners of the NoMoreRansom project as they will be the most likely to have reliable information about ransomware and how to decrypt files. As for the ransomware that uses the .maas extension, it is more than likely the STOP/Djvu ransomware. It does use Salsa20 encryption, however newer variants (starting near the end of August 2019 and newer) use RSA keys which are impervious to most forms of attacks, and in order to decrypt files that have been encrypted by newer variants of STOP/Djvu (like .maas) we would need the private key for your ID. Unfortunately only the criminals who made/distributed the ransomware have access to the private keys, and we can only decrypt files in those cases if the ransomware was unable to connect to its command and control servers and used an offline ID and public key when encrypting files, and even then we can only decrypt such files after a victim who has an offline ID has paid the ransom and sends us the decrypter the criminals sent them so we can extract the private key. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. It's not supposed to. Your files aren't decryptable. Please read my previous replies.
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. .vesad is an older variant (I'll ask the developer who made the decrypter why it said it's a new variant). You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. It's an online ID. If you have any doubts, our decrypter will tell you what ID each encrypted file has, and whether the IDs are online or offline.
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. The decrypter will tell you each file's ID, and whether or not it's online or offline: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Assuming you mean reinstalling Windows, then yes. That being said, this is overkill for just this one ransomware. The STOP/Djvu ransomware is fairly well detected by most Anti-Virus software and very easy to remove. You can use Emsisoft Emergency Kit to do so: https://www.emsisoft.com/en/home/emergencykit/ Of course, if the computer is infected by a number of different malwares and you don't want to go through the hassle of making sure they all get cleaned up, then reinstalling Windows would be understandable. Note that there is no danger in doing this as long as you make a backup of your files before proceeding. Once the computer is clean you may continue using it, however be sure to keep it properly protected. You'd only notice a difference if there was something wrong with the old HDD, otherwise reinstalling Windows would have the same effect as replacing the HDD.
  10. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. For the files with names that end in .dotmap it's important to know whether their IDs are online or offline. Our STOP/Djvu decrypter will tell you this for each file with a name that ends in .dotmap, and for those with online IDs you will need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. Can you attach some encrypted files and a copy of the ransom note to a reply for us to look at?
  21. We spent some time trying to reproduce this, and were not able to. Are any non-default settings in use on the workstations this is happening on? Settings that have been changed from default in the Emsisoft Business Security settings will have a vertical blue bar to the left, like the update feed setting in the following screenshot: