GT500

Member
  • Posts: 14249
  • Joined
  • Days Won: 458

Everything posted by GT500

  1. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. You're right, the end of the ID from PersonalID.txt must have been cut off when he copied it. The rest of the ID appears to be identical.
  3. I'm being told that the last update time should always update, regardless of whether or not your device is set to be locally managed or remotely managed. The last update time is based on information from the update servers, and not on information sent to the management console by Emsisoft Anti-Malware. I'm also being told that the only reason why the last update time wouldn't be updating is if Emsisoft Anti-Malware was activated with a different license key than the one associated with your workspace. Would you like to schedule a time for me to remotely connect to your computer and take a closer look at this? I'm usually available from 12:00 AM to around 6:00 AM EDT. Note that I will need to schedule it at least 24 hours in advance to ensure I see your message in time. https://www.timeanddate.com/worldclock/usa/indianapolis
  4. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Since you have two IDs, you probably have some files with an online ID and some files with an offline ID. Our decrypter will tell you which ID each encrypted file has and whether they are online or offline IDs.
  6. The gear icon is for the settings. Was this for the workstation that's set to only be locally managed, or for another workstation?
  7. In your use case it's OK to use Emsisoft Anti-Malware Home.
  8. It was first spotted on ID Ransomware on March 30th, 2021: This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. I'll refrain from posting my usual "more information" link since it seems like you've already seen it. We only update our STOP/Djvu decrypter to fix bugs. In order to decrypt files that have been encrypted by newer variants of this ransomware, the decrypter needs private keys, and when someone donates one to us we add it to an online database along with the ID so that the decrypter can simply check the database whenever someone runs it. Make a backup copy of them, and keep it somewhere safe. USB hard drives or flash drives are recommended as they are portable and reasonably easy to store. Backups should remain disconnected from the computer when not in use, since ransomware will usually try to encrypt any files on any connected drives (even USB drives and often network shares as well). There is a chance that some day decryption may be possible. Admittedly it's probably a small chance, however it's better than no chance at all.
  9. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. I didn't ask after remembering that EAM doesn't send any data to our online management console when set to be locally managed. As for the error in your screenshot, what did you click on before seeing the error?
  12. No. If someone pays the ransom and donates the private key for that offline ID to us, then we will add it to our database. Once we have the private key in our database, our decrypter should be able to decrypt any files that have the same offline ID.
  13. I still don't think it's Phobos, however I will ask for confirmation. Go ahead and contact Coveware if you haven't already, as they may be able to help if it does turn out to be Phobos.
  14. It looks like the decrypter was released by an independent ransomware analyst, so I recommend checking the BleepingComputer support topic to see if there's any newer information: https://www.bleepingcomputer.com/forums/t/617854/ech0raix-ransomware-qnapcryptsynology-nas-encrypt-support-topic/page-15#entry4840762
  15. ID Ransomware says the bitcoin address is the same as the one used by Phobos, however I don't think that's actually what it is. Since this appears to be a corporate request, I recommend going through our paid ransomware recovery service, especially since I'm not certain exactly what ransomware you're dealing with yet: https://www.emsisoft.com/en/ransomware-recovery-services/
  16. Thanks. I already replied via e-mail, however I've forwarded the two e-mails you sent to our management for review.
  17. Can you forward your order confirmation e-mail to [email protected]? All order confirmations are supposed to mention automatic renewals, so we'd like to see if we can find out why it's missing.
  18. Please don't post your contact information anywhere publicly visible. Spammers and scammers will try to contact you, and since the criminals who make ransomware monitor our forums they will almost certainly try to contact you and scam you out of money. As for your files, have you tried file pairs (an encrypted file and an original/unencrypted copy of the same file) with our decrypter? Assuming this is the Paradise ransomware of course: https://www.emsisoft.com/ransomware-decryption-tools/paradise
  19. I've let our management know that we may need to update our terms and conditions.
  20. Send an e-mail to [email protected] from the e-mail address you purchased the license from, and one of our support representatives will be happy to assist you.
  21. I never came back to mention it, but DiskTuna is legit, and is recommended by ransomware experts to try to repair some files that can't be decrypted. I'll replace the link to the video with the following: https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp/
  22. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. I'm not finding any information about this, however you can check the BleepingComputer support topic for this ransomware to see if there's something about it there: https://www.bleepingcomputer.com/forums/t/716458/abcd-lockbit-lock2bits-ransomware-support-topic/
  24. The downloads don't need to be encrypted. I don't normally use Firefox, so I don't know what to expect in that browser. In a Chromium based browser (or at least the one I use) it works just fine without error messages.
  25. If subscriptions are cancellable at any time, by the user via the license management controls we provide them, then no one is being "forced" to have a subscription. There is some mention of automatically renewing contracts in the first PDF at your link, and the following screenshot contains a few points that seem relevant: I live in the United States, and here many of us do not believe it is fair for executive branch agencies to make up their own rules that companies or civilians have to follow. In order for rules to change, the legislature here is supposed to pass new laws, and then executive branch agencies are expected to enforce those laws based on the reasons why they were passed into law and based on court interpretations of those laws. It's actually supposed to be illegal here for executive branch agencies to reinterpret laws on their own. And any further discussion on that treads on violating our forum guidelines, so I'll end it there.