Kevin Zoll

Emsisoft Employee
  • Content Count

    18803
  • Joined

  • Last visited

  • Days Won

    177

Everything posted by Kevin Zoll

  1. Hello @mopettit, Welcome to the Emsisoft Support Forums. No, we do not make a Mac OS version of our software are currently do not have plans to support Apple devices.
  2. @Jana519 We have published version 1.0.0.2 of the STOPdjvu decrypter that resolves the issue of it not running. You can download the new decrypter from https://www.emsisoft.com/ransomware-decryption-tools/download/stop-djvu
  3. That private key is only good for the files of the victim who paid the ransom. Every victim has a private key and in some cases private keys are generated for each file. You cannot use a private key that was generated for a different system to decrypt your files.
  4. Without paying the ransom, there is no way to get back your files, and then that is not even a sure thing.
  5. Looking at the IDs in your screen shots those are all online IDs. The files cannot be decrypted without the private encryption key which was generated and stored on command & control servers under the control of the ransomware group responsible for encrypting your files. Nobody, including us, other than then the criminals have access to those keys.
  6. IF the service is not accepting your files than the ransomware variant is not supported. Meaning, that you files cannot be decrypted.
  7. Make sure that the files being submitted are at least 150kb in size, also do not use large files either.
  8. You have to use the same file, one that is encrypted and one that is not encrypted. Your screenshot shows that you are using two different files, that just will not work. You cannot compare two files is they are not the same file.
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. Hello @Lito, Welcome to the Emsisoft Support Forums. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. Hello, Welcome to the Emsisoft Support Forums. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice.
  12. Hello, Thank you for contacting Emsisoft Support. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice.
  13. Hello @ljs3508, Thank you for contacting Emsisoft Support. This is very likely DHARMA(CrySiS). Unfortunately, there is no way to decrypt your files using third-party tools.
  14. Hello @juliandmm, No, we currently do not have a solution for this variant of STOP/DJVU.
  15. @Najeeb Ur Rehman, Thank you for contacting Emsisoft Support. If your files where encrypted using an online encryption key, then It is not possible to decrypt the files without paying the ransom. Which is not something we recommend you do.
  16. Hello, Thank you for contacting Emsisoft Support. The ID In the screenshot is an Online ID, and as such it is not possible to decrypt the files using our decryption tool.
  17. Hello @Tanvir Ahmed, Thank you for contacting Emsisoft Support. The ID you posted in an Online ID. Meaning that the encryption key was generated and stored on a command & control server under the control of the cyber-criminals responsible for encrypting your files. For that very reason your files cannot be decrypted using our decryption tool. Your files cannot be decrypted without paying the ransom. Which is not something we recommend you do. Instead what we recommend is backing up all your encrypted files and store them in a secure location in the event that decyprtion becomes possible in the future.
  18. Hello IsraelA, Thank you for contacting Emsisoft Support. If our decryption tool can't decrypt your files, then the files cannot be decrypted without paying the ransom.
  19. Hello @Fahad_826, @bahblo, @Luisa, Thank you for contacting Emsisoft Support. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice.
  20. Hello @Tuna Gunt, Thank you for contacting Emsisoft Support. Your ID is an online ID and as such it is not possible to decrypt your files using our decryption tool.
  21. Hello, Thank you for contacting Emsisoft Support. If our decryption tool is unable to decrypt your files, then there is no way they can be decrypted without paying the ransom. Which is something we do not recommend. Since, you felt it was necessary to censor your personal id, which is not necessary, there is no way to determine whether it is an offline id or an online id.
  22. There are programs that require that the Remote Registry Service to be enabled as they make use of it. I never recommend that a service be disabled, if it is enabled by default.
  23. Hello, Thank you for contacting Emsisoft Support. Your Personal ID appears to be an online ID. As such, our decryption tool cannot decrypt your files.
  24. Hello Talha, Thank you for contacting Emsisoft Support. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation, and will communicate in your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  25. Hello, Thank you for contacting Emsisoft Support. Your Personal ID is an online ID and as such our decryption tool cannot decrypt your files.