GT500

Emsisoft Employee
Everything posted by GT500

  1. Don't buy decryption services from people offering help. There are some companies (such as Coveware) offering to contact the criminals for you and negotiate a lower price, however any source that claims they can decrypt your files even when our decrypter can't is more than likely just trying to scam you out of your money. If any alternative method for decrypting your files does become available, then BleepingComputer will almost certainly report on it, and the STOP Ransomware support topic at BleepingComputer will be updated with the information.
  2. You may need the latest version of the Microsoft .NET Framework: https://dotnet.microsoft.com/download/dotnet-framework If that doesn't help, then let me know if it shows any error messages.
  3. You can't. IDs are assigned by the ransomware when it encrypts your files. If it can connect to its command and control servers then it asks the servers for a random ID and public key (an online ID and key) for encryption. If it can't connect to its command and control servers, then it uses a built-in ID and public key (an offline ID and key) for encryption.
  4. Let's try getting a log from FRST, and see if it shows any installed security software. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  5. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. Oh, you mean the file on WeTransfer. It's normal for WeTransfer to delete files after a few days. Their service is intended for one-time file sharing, and they don't keep shared files for more than a week (at least not for free). If it is a video showing their decrypter working, then its intention is to reassure you that paying the ransom will get your files back. The reality is that even if they send you video "proof", they don't actually have to send you a working decrypter. Granted I would believe the decrypter they send victims does usually work OK, and even if it doesn't then as long as they sent you the correct private key then we can add it to our database for our decrypter. Regardless, we don't recommend paying them money, or even contacting them yourself.
  7. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. Not until law enforcement catches the criminals and takes possession of their database of private keys.
  9. The two-factor authentication code is sent via e-mail.
  10. Let's try getting a diagnostic log. The instructions and download are available at the following link: https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/
  11. That means it's an ID we don't have in our database. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. If you have an online ID, then there's nothing we can do to help you. A company like Coveware may be able to help you negotiate with the criminals for a lower ransom, however Coveware usually works with businesses that have to pay extremely large ransoms so I don't know how much help they'll be.
  13. OK, then make sure that any security software (Anti-Virus, firewall, etc) you have installed isn't blocking the decrypter's Internet access.
  14. That's a variant of STOP/Djvu. You have an online ID, however it's one of the older variants so our decrypter should be able to help you. There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. OK. Be sure to let me know if you encounter any further issues.
  16. Try the following: Open Emsisoft Anti-Malware. Click on Settings. Click on Advanced in the menu at the top. Disable the option that says "Start on Windows startup". Re-enable that option, and then restart the computer.
  17. There is no new decryption tool being worked on. For offline IDs we can add the decryption keys to our database if we find them, however for online IDs there's nothing that can be done without access to the criminals' database of private keys. That's probably a DNS error. Can you visit the following link in your web browser? https://decrypter.emsisoft.com/
  18. That doesn't work with most ransomware, since they delete the shadow copies. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ As for paying the ransom, while it is not recommended, I would believe that these particular criminals do deliver a working decrypter if you pay. You can also go through a third-party (such as Coveware) if you'd prefer someone negotiate a lower price for you, however note that such services are often intended for businesses and are often still expensive.
  19. It's possible the file is corrupt or damaged in some way that might prevent their free decryption from working.
  20. I would believe that there's still nothing that can be done about the Phobos ransomware, however Amigo-A may remember something that I don't (once he realizes that you're a victim of Phobos and not STOP/Djvu).
  21. We know the IPs the criminals have used for their command and control servers (they actually do keep them protected), and there is no need to track IPs as STOP/Djvu infections normally come from pirated software (or fake music and movie downloads) rather than from RDP compromise or something similar.
  22. You found public keys. Private keys are required for decryption, and there is nothing you can learn from the public keys that could aid in decryption.
  23. It should run fine on Windows 7 SP1. It does require a newer version of the .NET framework than ships with Windows 7, and it will require that you install Windows Updates. If the update that adds SHA-2 hash support for Windows 7 is not installed, then not only will our software fail to run on your computer, but any newer software from other companies who have had their SHA-1 code signing certificates expire will also fail to run on your computer. You can get the latest version of the .NET framework from the following link: https://dotnet.microsoft.com/download/dotnet-framework
  24. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  25. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/