GT500

Emsisoft Employee
Everything posted by GT500

  1. The best way to check is to upload a ransom note and an encrypted file to ID Ransomware, as it should be 100% accurate at detecting GlobeImposter 2.0: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  2. That appears to be the following ransomware: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/ There's a discussion about this ransomware at the following link as well: https://www.bleepingcomputer.com/forums/t/716458/lockbit-ransomware-lockbit-lock2bits-support-topic/ There does not appear to be any way to decrypt files that have been encrypted by this ransomware.
  3. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. Being on that list has nothing to do with Windows Defender. Windows shuts that off automatically when a third-party Anti-Virus that implements a specific Microsoft API (unfortunately I don't remember the name) is installed, registered with the Security Center, and turned on. Since Emsisoft Anti-Malware (EAM) registers itself with the Windows Security Center and uses the necessary API, Windows Defender is turned off automatically when protection in EAM is on. If Windows fails to turn off Windows Defender, then that usually means EAM's registration with the Security Center failed or is corrupted, or the option to integrate with the Security Center in EAM's advanced settings is turned off. Unfortunately being on a list of security software providers doesn't mean much. The only thing that would allow us to stand out would be our company logo, and the actual marketing value from that would be minimal (especially with multiple free Anti-Virus products listed). The list appears to be in random order, so in theory we'd show up at the beginning every now and then, but with very little brand recognition the odds are that we'd just get overlooked for more popular solutions, or for ones that say "free" below their logo.
  5. Yes, I'm sure. If you want to know why it's working for you, then send me a private message.
  6. In your case the decrypter isn't even trying to decrypt your files, because it can't connect to our servers. Please follow the instructions at the link below to reset your hosts file to default: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default
  7. You can keep an eye on BleepingComputer's news, as they will usually report when a new ransomware decrypter is released: https://www.bleepingcomputer.com/ We also have a blog where we usually announce new decrypters we've made: https://blog.emsisoft.com/
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. Because the ID ends in t1, just like all other offline IDs for more than the past year.
  10. We're still analyzing this ransomware, and we don't know if it's decryptable yet.
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. The ransomware only encrypts part of the beginning of each file. There are some file formats that are tolerant of corrupt data at the beginning of a file, and thus you can recover them this way, or with file repair software. Unfortunately most file formats are not tolerant of corrupted data at the beginning of files, and most files will not be recoverable this way. I would need to know your ID before I can tell you whether or not your files are decryptable.
  13. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. You will also need to disable self-protection in EAM's advanced settings before it will be possible to terminate a2start.exe this way. This does sound like the issue that @JeremyNicoll mentioned. Hopefully we'll be able to release a fix for this soon.
  17. When selecting the compression options in 7-Zip there's one called "Split to volumes, bytes" located in the lower left. If you select 1000M from the dropdown it will split the 7z archive into multiple 1 GB files, and then you can upload them separately and send me the links.
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/