GT500

Emsisoft Employee

Everything posted by GT500

  1. Only if law enforcement is able to catch the criminals and release their database of private keys.
  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. There won't be a new decrypter made for this ransomware. If private keys are made available, we can add them to our database, and the decrypter will be able to use them without need for any modifications.
  4. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. Saving money is clearly a popular topic.
  6. You're welcome. Hopefully sales will be able to get you an answer soon.
  7. Usually that depends on how quickly law enforcement is able to catch the criminals who made/distributed the ransomware. For now, the best course of action is to make a backup of all of the encrypted files, and file a report with law enforcement to help them get an idea of the impact of this ransomware: https://www.nomoreransom.org/en/report-a-crime.html
  8. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. That's an older variant, however since you have an online ID you're going to need to upload file pairs to our online submission form so that the decrypter can "learn" how to decrypt your files. There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ If recovery of your data is absolutely imperative, then Coveware may be able to negotiate a lower cost for the ransom payment for you.
  11. Upload it to VirusTotal, and then post the link to the analysis here: https://www.virustotal.com/gui/home/upload
  12. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. I didn't bother verifying it, however it was more than likely the IP address of the e-mail server. If the criminals were foolish enough to be giving away their own IP addresses, then they'd be in prison right now. BTW: I highly recommend not posting your e-mail address on a public forum. It invites spam. Also note that many of the criminals who make ransomware monitor our forums, so if you post your e-mail address here then they will attempt to contact you and extort money from you (or scam you into paying for fake decryption services).
  15. In order to decrypt your files, we'd need the private key the command and control servers generated for your files' ID. The criminals are not going to send that to you until you pay the ransom.
  16. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. No separate decrypter will be made. For offline IDs, we can simply add the keys to our database as soon as we find them, and then the decrypter will be able to use them. The database is on our servers, so no updates to the decrypter are needed. For online IDs, since we currently have no way of obtaining the private keys for these, we can't add them to our database.
  18. Most of those files appear to have been encrypted 3 times (twice by STOP/Djvu, and once by something else). This should be decryptable if you are able to supply file pairs for an MP3 file.
  19. I'm not certain what our plans are in regards to Black Friday. I'll ask sales for more information. BTW: Even if we don't have a sale of our own, at least some of our American resellers will more than likely have sales.
  20. It looks like it's .zobm rather than .zomb, and it looks like it's a brand new variant of STOP/Djvu. Since this is a newer variant of STOP/Djvu, and your ID is an online ID, note that there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. @pm7253 and @albert_juanola this is a newer variant of STOP/Djvu, and your IDs are online IDs, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. You'll have to have original copies of at least one of each type of file you'd like to decrypt. Feel free to refer to Amigo-A's list of places where you may be able to find original copies of some files.
  23. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Online IDs are assigned by the ransomware's command and control servers, whereas offline IDs are built into the ransomware to be used when it can't connect to its command and control servers. This is important because all files with an offline ID will have been encrypted by an offline key, and thus they can all be decrypted by the same private key. Files with an online ID will have been encrypted by a random key generated by the command and control server, and thus the private key to decrypt the files will be unique to that ID.