GT500

Emsisoft Employee

Posts posted by GT500


  1. 6 hours ago, victorh said:

    We have been infected with ransomware and would appreciate any help.
    Files are completely renamed, see below for example.
    [[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
    [[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
    [[email protected]].1AdtWzPV-IivcBY9w.SNTG

    That fits the extension format for the Matrix ransomware, which isn't decryptable without paying the ransom.


  2. 18 hours ago, ASHKAN said:

    Someone suggested this method to me. What is your opinion?

    Don't trust random videos, instructions, or offers for help that you find online. Most of them aren't real, or will only help in very specific cases. If you're expected to pay for file recovery, then it's a scam (especially if they guarantee recovery), as no one except the criminals has access to the private keys needed to decrypt your files.


  3. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  4. 22 hours ago, Didi said:

    OK, that's good to know. I sent them an email yesterday and will wait for a reply. I wrote to them months ago and, after getting replies at first, I never heard from them, understandably, seeing as a lot of people got in touch with them about the issue.

    Unfortunately they probably got overwhelmed by all of the victims contacting them for help.


  5. 10 hours ago, gulshannegi said:

    Is there anyway to get back to my normal Windows 10?

    If you don't format your hard drive when re-installing Windows 10, then it shouldn't overwrite your files. Programs may need to be re-installed, however many programs will retain their settings as long as you are able to use the same user account that existed on the old installation of Windows. If you can't use the same user account, then you will need to copy data from the old account to the new one after the re-install of Windows. There may be other options for recovery as well that you haven't tried yet.

    Please note that this sort of generalized PC support isn't really what we offer here (we do support for our own software and malware/ransomware infections). I recommend asking at the BleepingComputer forums as there are experts that frequent their forums who should be able to explain what your options are and help you decide what you should do to recover your computer.


  6. 12 hours ago, Didi said:

    I've downloaded the Nemty decryptor from the https://www.nomoreransom.org/en/decryption-tools.html site but the decryptor always fails.

    That's the same decrypter made by Tesorion that you had tried previously, so I'm not surprised it didn't work.


    12 hours ago, Didi said:

    I don't know what to do. Does anyone know of any update decryptors or what to do in general?

    Tesorion is the only one I know has made a decrypter. There are reports that victims of Nemty have been able to contact them and get help (at least with files under 2 GB in size), however there seem to be a number of others who either haven't done this or didn't have any luck trying.


  7. 13 hours ago, ADITYA95 said:

    Sir, is there any update regarding decryption of infected files ?

    No. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/


  8. 19 hours ago, Aishwarya5497 said:

    Approximately how much time will it take to become an offline ID?

    IDs do not change. They are generated by the ransomware's command and control server when public and private keys are generated for your files (this is an online ID), or if the ransomware isn't able to communicate with its command and control servers it uses an ID and keys that are built into the ransomware (this is an offline ID).

    Once your files are encrypted, nothing about them can change without corrupting them until they have been decrypted.


  9. 14 hours ago, Rajdeep Soni said:

    This file is encrypted.

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  10. 20 hours ago, Kiran2020 said:

    For the last 4-5 months I have been waiting for an MPAJ ransomware solution.

    Is there any update on it? Please guide me if anyone has got a solution.

    This isn't a problem to be solved. Your files are encrypted, and you need the private key for your ID to decrypt them. Since only the criminals have the private keys, it isn't possible for your files to be decrypted unless the ransom is paid.

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/


  11. Assuming you mean the STOP/Djvu decrypter, please refer to the following from "About the STOP/Djvu Decrypter":

    Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.



  12. 13 hours ago, ParhaM said:

    Well, the title is the question.

    Our Behavior Blocker should delete any unknown programs that are attempting to modify the MBR.


    13 hours ago, ParhaM said:

    And I'd like to know if Emsisoft protects the system from being used for mining without the user knowing? Like there used to be some programs that did that when they were open on the system.

    Yes, most mining software is detected by Emsisoft Anti-Malware.


  13. Have you tried our decrypter yet?
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    Does it say your files have an online ID or offline ID? For files with offline IDs it will probably start decrypting them without requiring you to do anything else, assuming we have the private key for that variant's offline ID.

    For files with an online ID, you'll have to supply file pairs to our online submission form. There's more information at the link above.


  14. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  15. 20 hours ago, rohietsethi19 said:

    Hi,

    I have only the encrypted .redmat files and don't have the other copy. How can I get the files back from the ransomware? Is there any chance?

    If you have an online ID, then you have to have an original/unencrypted copy of each type of file you want to decrypt (or at least for each "first 5 bytes" the decrypter lists in its log). Without file pairs, it isn't possible to generate a keystream that can be used to decrypt your files.
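As an added illustration of the file-pair point in the post above (this is not the Emsisoft decrypter's code and not a description of any particular ransomware's cipher), the following constructed Python model shows why a keystream can only be recovered from an original/encrypted pair, why a short original recovers only part of it, and why encrypted files of the same type share the same leading bytes. The hash-counter keystream, the 64-byte prefix length and all sample data are constructed assumptions.

```python
# Added illustration (not the Emsisoft decrypter's code): why recovering
# stream-cipher-encrypted files needs an original/encrypted file pair.
# Model assumptions (constructed): one per-victim keystream is XORed over
# the first PREFIX_LEN bytes of every file; the keystream generator is a
# hash counter standing in for whatever cipher a real family uses.
import hashlib
from collections import defaultdict

PREFIX_LEN = 64  # constructed: how many leading bytes the model encrypts


def model_keystream(victim_id: str, length: int) -> bytes:
    """Constructed stand-in for a victim-specific keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(f"{victim_id}:{counter}".encode()).digest()
        counter += 1
    return out[:length]


def model_encrypt(keystream: bytes, data: bytes) -> bytes:
    """XOR the keystream over the file prefix; the tail is left untouched."""
    n = min(PREFIX_LEN, len(data), len(keystream))
    return bytes(k ^ d for k, d in zip(keystream[:n], data[:n])) + data[n:]


def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """k = p XOR c is known only where the original supplies plaintext, so a
    short original yields a short, partial keystream."""
    n = min(PREFIX_LEN, len(original), len(encrypted))
    return bytes(p ^ c for p, c in zip(original[:n], encrypted[:n]))


def decrypt(keystream: bytes, encrypted: bytes) -> tuple[bytes, int]:
    """Decrypt as far as the keystream reaches. Returns the data (bytes past
    the keystream are still encrypted) and how many bytes stay unrecovered."""
    n = min(PREFIX_LEN, len(keystream), len(encrypted))
    head = bytes(k ^ c for k, c in zip(keystream[:n], encrypted[:n]))
    unrecovered = min(PREFIX_LEN, len(encrypted)) - n
    return head + encrypted[n:], unrecovered


def group_by_header(encrypted_files: dict[str, bytes]) -> dict[bytes, list[str]]:
    """Same keystream plus same file-type header gives the same encrypted
    first 5 bytes, so encrypted files can be grouped by type without a key."""
    groups = defaultdict(list)
    for name, data in encrypted_files.items():
        groups[data[:5]].append(name)
    return dict(groups)
```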