GT500

Emsisoft Employee

Everything posted by GT500

  1. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. Sorry, I had posted the wrong reply, and have deleted it. I don't actually know your ID, so here's what I had intended on posting: This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. It sounds like you were fortunate enough to have an offline ID, and someone gave us a decrypter for that offline ID after they paid the ransom. Keep in mind that there's always a danger of something like this happening again. Make sure you have good security software (we make some, and there are a few good ones from other companies as well), and make sure to keep a backup of any important files. Important note: If your computer has access to the backup of your files, then so does ransomware. Always back up data on something that can be disconnected from the computer (USB flash drives, external hard drives, tape drives, etc.).
  4. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. Unfortunately it's going to take some time. If you'd like to follow BleepingComputer's news feed, they like to report on ransomware and any major developments when it comes to decryption tools: https://www.bleepingcomputer.com/
  6. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. Can you attach a valid file pair to a reply for me to review? We'll see what we can do.
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. If private keys for STOP/Djvu are released, then BleepingComputer would almost certainly report on it, so I recommend following their news feed: https://www.bleepingcomputer.com/
  10. .mogranos is an older variant, so you should be able to use our decrypter to recover your files. If you have an online ID (which is most likely) then you'll need to submit file pairs via our online form. All of the information you need should be in the topic that Amigo-A linked to.
  11. .access is an older variant, so you should be able to use our decrypter to recover your files. If you have an online ID (which is most likely) then you'll need to submit file pairs via our online form. All of the information you need should be in the topic that Amigo-A linked to.
  12. No, but if there ever is then it will almost certainly be covered on BleepingComputer's news feed: https://www.bleepingcomputer.com/
  13. My recommendation is to make a backup of your encrypted files in case they can be decrypted at some point in the future. Also, feel free to file a report with law enforcement, which will help them better understand the impact of this ransomware and better prioritize their investigation into the criminals behind it: https://www.nomoreransom.org/en/report-a-crime.html
  14. It could have been blocking the CDN we use, or possibly Cloudflare (which we protect our servers with). If you run into any problems like this in the future, we do have a tool that creates a diagnostic log which can be used by our support team to get a general idea of where an issue may be occurring. https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/
  15. Botnets and exploits are detectable by the Behavior Blocker. Network protection, assuming you mean threats originating from outside the PC, is handled by Windows Firewall, and EAM keeps unknown applications from modifying Windows Firewall settings.
  16. You're welcome (and happy new year as well).
  17. We consider heuristics to just be another type of signature, and yes we do use them in our database, as does BitDefender. That's a PUP (Potentially Unwanted Program) detection, and we use fairly generic names for them. In these cases I would believe they are not usually heuristic detections.
  18. Developing a decrypter isn't necessary. What we need is private keys. Unfortunately only the criminals have access to them, so there's nothing we can do at the moment.
  19. You'll need to supply us with a proper file pair, where both files are the same (with the only difference being one is encrypted and one isn't).
  20. Amigo-A posted a link to this in another topic: https://www.tesorion.nl/nemty-2-2-and-2-3-analysis-of-their-cryptography-and-a-decryptor-for-some-file-types/ Apparently Tesorion was still working on their decrypter, and just not providing support for the existing one. I don't know if their updated decrypter will help either of you, but it might be worth a shot just to see.
  21. RSA keys. The only decryption tool that works for STOP/Djvu right now is the Emsisoft tool. You can find more information about it at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. The long answer is that the blue dot will remain visible until you either click the "New scan" button below the scan results, or start a new scan. The reason for this is simply because the scan results have not been dismissed yet, and so it's sort of a byproduct of the way the scanner already handled that.
  24. OK. If anything changes, then let us know.