GT500

Member
  • Posts

    14249
  • Joined

  • Days Won

    457

Everything posted by GT500

  1. They'll usually publish a news article when a new decrypter is released, or when there's major news about an older decrypter being updated to decrypt more victims' files. They also have a help and support topic on their forums for STOP/Djvu, which you can monitor if you'd like: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. BTW: I'm being told that the BSoD issue may be caused by another WFP driver on your system. FRST logs may help us determine if this may be the case. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Note that the information at that link contains something that may help recover some video and music files.
  6. WeTransfer has a reasonably high limit on file sizes (used to be 2GB, but may have been increased). Make sure to password protect anything you upload to them though, as they are known for having had a security breach in the past. You can send me the password in a private message along with the download link.
  7. That may be related to Windows kernel power. Do you know how to change your power plan in Windows?
  8. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  9. The STOP/Djvu ransomware is relatively easy to remove, and most Anti-Virus software can detect it, so it shouldn't be a problem to remove it. You can use Emsisoft Emergency Kit (free for home/personal use) if you'd like: https://www.emsisoft.com/en/tools/emergencykit/ Have they sent you anything at all? If they sent you your private key, then we can add it to our database and then you would be able to use our decrypter.
  10. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. OK, it's on the schedule.
  15. Do you remember the stop code on the BSoD screen? If not, then it would be in the event logs, or in the memory dumps.
  16. This ransomware hasn't changed much since it was first analyzed over 2 years ago. The only major change was when they switched to using RSA keys, which is what makes the ransomware non-decryptable. Right now there's no way to decrypt files that have been encrypted by the STOP/Djvu ransomware without having the private key for the ID embedded in the encrypted files.
  17. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Translation provided by Google: This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, but we don't yet have the private key for it. I recommend running the decrypter once or twice a week so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. Berlin is on the same time you are, right? If I add Berlin and Indianapolis to a meeting planner, it looks like midnight for me is 6:00 AM for you, and 5:00 PM for you is 11:00 AM for me: https://www.timeanddate.com/worldclock/meetingtime.html?month=4&day=10&year=2021&p1=105&p2=37&iv=0 Unfortunately it doesn't look like I can be available when you are, unless you can find time before 2:00 PM. Weekends work for me, if that makes things easier. The only days I don't have available for certain are the 12th and the 13th of April, but any other day should work.
  20. I'm actually seeing consistent CPU usage from a2service.exe today on my own system, so assuming it has the same cause as the issue you're having I'm going to collect some debug logs for this and send them to QA.
  21. There is a way to repair some types of files that are tolerant of missing data (certain video and audio/music files for instance), however most types of files can't be repaired this way. You can find more information at the link I posted earlier.
  22. By default Emsisoft Business Security checks for updates every hour, and if there's anything in the Quarantine then it will be automatically rescanned to make sure there were no false positives. I recommend either deleting files from the Quarantine, or disabling the Quarantine re-scan feature (you can find it in the Advanced settings, both in Emsisoft Business Security and in the workstation or policy settings in your workspace at MyEmsisoft if you use it for online management).
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. Correct, the decrypter requires an Internet connection in order to check IDs with our database to see if we have private keys for decryption.
  25. That appears to be the Maoloa ransomware. It's not possible to decrypt files that have been encrypted by it.