Recommended Posts

My Computer also got infected by the same ransomware. I got my windows formatted and left with encrypted files just as you have.

If any solution is available, please share with me.

 

Thanks in advance

Share this post


Link to post
Share on other sites

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post


Link to post
Share on other sites

Files encrypted by newer STOP Ransomware variants .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude all leave a ransom note named _openme.txt as noted here by Michael Gillespie (aka Demonslay335). Unfortunately, there is no known method at this time to decrypt files encrypted by these new variants without paying the ransom.

If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ignore all Google searches which provide links to bogus an d untrustworthy removal/decryption guides.

 

Share this post


Link to post
Share on other sites

Update: Demonslay335 (aka Michael Gillespie), a ransomware analyst with the MalwareHunterTeam, advises victims of the newer .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude STOP Ransomware variants to send their ransom note, MAC address and an encrypted and original file pair to kNN for possible future decryption of their data...see these instructions. You can use any third-party sharing site (Google Drive, OneDrive, DropBox SendSpace, Mega, etc.) to send the file pair and provide a link in your PM. However, this is not a guarantee of decryption.

Share this post


Link to post
Share on other sites
10 hours ago, quietman7 said:

Update: Demonslay335 (aka Michael Gillespie), a ransomware analyst with the MalwareHunterTeam, advises victims of the newer .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude STOP Ransomware variants to send their ransom note, MAC address and an encrypted and original file pair to kNN for possible future decryption of their data...see these instructions. You can use any third-party sharing site (Google Drive, OneDrive, DropBox SendSpace, Mega, etc.) to send the file pair and provide a link in your PM. However, this is not a guarantee of decryption.

advise will be followed

lets close these topic and continue it at this:

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.