GT500

Emsisoft Employee

Everything posted by GT500

  1. According to ID Ransomware that's Globe 3, which we have a decrypter for: https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-version-3-of-the-globe-ransomware/ Note that the identification is based on the bitcoin address. You didn't supply enough information for a more accurate identification than that (ideally I'd need a copy of the ransom note and an encrypted file), and it is technically possible for more than one ransomware to share the same bitcoin address (such as if they are distributed by the same criminals). If you haven't already, you can run it by ID Ransomware yourself and see what it says: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  6. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. Do you have an administrator password configured in the settings? Are you logged in to Windows as a user with limited rights? Which edition of Emsisoft Anti-Malware are you using? Home, Business Security, or Enterprise Security?
  10. Technically we have a decrypter for older versions of this ransomware, however I am seeing reports that it does not work with newer variants. You can download the decrypter at this link. Trend Micro also has a ransomware decrypter that may support older versions of this ransomware as well, however I have also heard reports that it doesn't work with newer versions either. More information is available at this link. Feel free to try the decrypters, however I don't expect either of them will work. If you know where the ransomware came from, we need a copy of the malicious file that infected the computer and encrypted the files in order to see what has changed so that we know whether or not we can update our decrypter. Malicious/dangerous files can be uploaded to VirusTotal and the link to the analysis can be posted here. Please don't upload such files to file sharing networks and post the links here, as we don't want others to be able to download the files (mistakes happen and we'd hate for someone to accidentally encrypt their files).
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. The ransomware only encrypts a small portion of the beginning of each file. For most files this is enough to ensure that they can never be opened/used again, however for some larger files (if the file format is forgiving enough to allow it) they can be recovered. Videos are the easiest to recover. Most pictures require some data restructuring to be done by hand in order to be recoverable. If file recovery software was able to recover some pictures, then that would be the exception rather than the rule.
  14. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. No, unfortunately nothing new has been discovered about this ransomware.
  19. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. Within the past few months. Note that the decrypter is only updated to fix bugs, and there is no need to update it to add decryption keys. It pulls those from an online database, so it always has the latest list of private keys available when you run it. This is why I tell those with offline IDs to run the decrypter once every week or two, as once the private key for their offline ID is available the decrypter will start decrypting their files.
  21. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  22. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. @FNP-45 we've discovered the source of the bug, however it may take some time for it to be fixed (we have to wait for third-party code we use to get updated). Fortunately there is a workaround that you can use in our "Cloud Console" that is available via MyEmsisoft. We have instructions on how to create a "workspace" in your MyEmsisoft account, and assign a license key to it at the following link: https://help.emsisoft.com/en/3097/how-do-i-migrate-my-personal-license-to-a-cloud-console-workspace/ There is more information about how to use our Cloud Console in the user guide at the following link: https://help.emsisoft.com/en/2323/emsisoft-cloud-console-user-guide/ Once you have followed the instructions at the first link for creating a workspace, assigning a device to it, and migrating your license key to the workspace, all you have to do is go to your workspace in the menu on the left on the MyEmsisoft website, select your workspace from the list, and then select the device you would like to manage. From there simply click on the blue Settings tile, and scroll down until you find your scheduled scans. The interface for editing the scheduled scans should be similar to what you're used to in Emsisoft Anti-Malware.
  24. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/