GT500, Emsisoft Employee

Content count: 10955
Days won: 312

Everything posted by GT500

  1. Yeah, anyone who doesn't keep a low profile while doing stuff like that tends to draw unwanted attention to themselves. Sadly that does kind of make collaboration more difficult, and forces malware analysts to stick to private communication with others they already know in the industry, or into using anonymous means of communicating publicly.
  2. Our recommended course of action is to make a backup of your encrypted files in case we are able to get our hands on the database of private keys run by the criminals so that we can add them to our decrypter. If this does happen, it will more than likely be a while before it does, so note that if you do wait you won't be able to recover your files quickly.
  3. It's difficult to estimate the chances. It doesn't happen anywhere near as often as we like, and the amount of time it takes varies so much that it's impossible to generalize. By "the software" are you referring specifically to our STOP/Djvu decrypter, or are you talking about our decrypters for other ransomware? For STOP/Djvu there was a point where they started using RSA keys, which weren't susceptible to the type of attack we were planning on using in our decrypter that relied on file pairs, and thus this method only works on older variants from before that change. Offline IDs are easy so long as we can get the keys for them, although with newer variants this requires someone who's paid the ransom for an offline ID to send us a copy of the decrypter the criminals sent them so we can extract the private key. For our other decrypters, some exist due to flaws in ransomware that allowed for easy decryption, and some exist due to decryption keys having been leaked. Decryption keys aren't always leaked by law enforcement, but sometimes by security analysis companies that gained access to the command and control servers, and there have even been a few ransomware families where the criminals making/distributing them released their database of keys for free.
  4. If law enforcement is able to gain access to the database of private keys run by the criminals, then it would be possible.
  5. If there were any possible ways to recover your files, then we'd let you know. Unfortunately I'm not aware of anything, and the staff at BleepingComputer don't seem to be aware of anything either. Translation provided by Google. If there were any possible way to recover your files, we would let you know. Unfortunately, I am not aware of anything, and the staff at BleepingComputer do not seem to be aware of anything either.
  6. .msop is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu. You have an offline ID, so once we can find the decryption key for this variant and add it to our database you should be able to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. I recommend running the tool once every week or two. We just need to find the private key for offline IDs for .nbes and add it to our database, and then the decrypter will be able to use it, so once that happens it will be able to decrypt your files.
  10. It always was. Nothing about the encryption format changes from extension to extension with STOP/Djvu, so the decrypter doesn't need to be updated. The issue is that the type of encryption they've been using for the past few months is secure, meaning we can't break it. Without private keys, decryption is impossible.
  11. If law enforcement is able to gain access to the database of private keys run by the criminals, then yes, it would be possible. Yes, that's an online ID.
  12. The decryption tool does not need to be updated to support new extensions.
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. This is a newer variant of STOP/Djvu. You have an offline ID, so once we can find the decryption key for this variant and add it to our database you should be able to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. You're welcome. Hopefully it won't take too long for them to figure out what's wrong.
  16. Emsisoft Business Security is Emsisoft Anti-Malware licensed for business use. If you need the home edition instead, then please let us know.
  17. Surf Protection does appear to work fine with DoH turned on in Firefox, however I'm not familiar enough with the specifics of how Firefox's DoH support works to be able to explain why it doesn't prevent our Surf Protection from working.
  18. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. As far as I am aware, there is still no known way to decrypt files that have been encrypted by the Matrix ransomware without getting the private key from the criminals. Translation provided by Google. As far as I know, there is still no known way to decrypt files that have been encrypted by the Matrix ransomware without obtaining the private key from the criminals.
  20. You're saying "decryption tool", not "webpage". I'm not asking if the tool is the same. I already know it is, and that's because there's only one tool that will work. Now, the important thing is, do you see the submission form at the following link? https://decrypter.emsisoft.com/submit/stopdjvu/ If the answer is "yes", then you can use it to upload file pairs. This is necessary for the decrypter to work, since you have an online ID.
  21. This is a newer variant, so uploading file pairs won't work.
  22. There are no new developments regarding STOP/Djvu decryption.
  23. It can take anywhere from weeks to years. It depends on too many factors to be able to accurately guess how long it will take.
  24. It looks like that's too many hosts for EAM. After about 10 minutes of waiting, it eventually crashed with memory usage around 1 GB. I'll report this to QA along with the memory dump.
  25. There's a possibility that the database of private keys operated by the criminals may be released if law enforcement is able to gain access to it. It's best to keep a backup of your encrypted files in case that does happen at some point.
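Post 3 above mentions that the older STOP/Djvu decrypter relied on "file pairs" (an original file plus its encrypted copy) and that this stopped working once per-victim RSA keys were introduced. The script below is an added illustration of the general principle behind a file-pair attack and of why per-file keys defeat it; it is not code from this thread, not Emsisoft's decrypter, and the toy SHA-256 counter keystream it uses is a stand-in for a real stream cipher, not STOP/Djvu's actual algorithm. The two "schemes", the sample files and all names in it are constructed for the example.

```python
"""Added illustration of the 'file pair' idea from post 3: why an original
file plus its encrypted copy can unlock other files under one key scheme
but not under another. The cipher below is a deliberately simple stand-in
and is NOT STOP/Djvu's real algorithm; this is not Emsisoft's decrypter."""
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter) blocks.
    Stands in for a real stream cipher; never use this for real data."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings (truncates to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """Known-plaintext step: for any stream cipher, original XOR encrypted
    is exactly the keystream that was used, with no key needed."""
    return xor_bytes(original, encrypted)


def decrypt_with_pair(pair_original: bytes, pair_encrypted: bytes,
                      target_encrypted: bytes) -> bytes:
    """Decrypt target_encrypted using keystream recovered from a file pair.
    Correct only if the target was encrypted with the same key and nonce
    (same keystream), and only for bytes the pair actually covers."""
    ks = recover_keystream(pair_original, pair_encrypted)
    if len(target_encrypted) > len(ks):
        raise ValueError("file pair is shorter than the target; not enough keystream")
    return xor_bytes(target_encrypted, ks[: len(target_encrypted)])


# Constructed sample "files" (not real victim data).
ORIGINAL_DOC = b"Quarterly report: revenue up 12%, costs flat.\n" * 4   # 184 bytes
ORIGINAL_IMG = b"\x89PNG\r\n\x1a\n" + bytes(range(128))                  # 136 bytes


def shared_key_scenario() -> bool:
    """Hypothetical scheme A: one key and nonce reused for every file on the
    machine. A pair for one file hands over the keystream for all of them."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(8)
    enc_doc = encrypt(ORIGINAL_DOC, key, nonce)
    enc_img = encrypt(ORIGINAL_IMG, key, nonce)
    # The victim still has the original report (say, an emailed copy) but not the image.
    return decrypt_with_pair(ORIGINAL_DOC, enc_doc, enc_img) == ORIGINAL_IMG


def per_file_key_scenario() -> bool:
    """Hypothetical scheme B: a fresh random key per file, retained only in a
    form the criminals can unwrap (the post describes RSA; the wrapping is
    not modelled here, the per-file keys are simply never stored). The pair
    yields one file's keystream, which is independent of every other file's."""
    nonce = secrets.token_bytes(8)
    enc_doc = encrypt(ORIGINAL_DOC, secrets.token_bytes(32), nonce)
    enc_img = encrypt(ORIGINAL_IMG, secrets.token_bytes(32), nonce)
    return decrypt_with_pair(ORIGINAL_DOC, enc_doc, enc_img) == ORIGINAL_IMG


if __name__ == "__main__":
    print("shared key, pair decrypts other file:", shared_key_scenario())      # True
    print("per-file keys, pair decrypts other file:", per_file_key_scenario())  # False
```

Running the script prints True for the shared-key scheme and False for the per-file-key scheme. The length check in decrypt_with_pair is the practical caveat: a recovered keystream only covers as many bytes as the pair itself, so a small pair cannot decrypt a larger file even under the weak scheme.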