Recommended Posts

My Computer also got infected by the same ransomware. I got my windows formatted and left with encrypted files just as you have.

If any solution is available, please share with me.

 

Thanks in advance

Share this post


Link to post
Share on other sites

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post


Link to post
Share on other sites

Files encrypted by newer STOP Ransomware variants .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude all leave a ransom note named _openme.txt as noted here by Michael Gillespie (aka Demonslay335). Unfortunately, there is no known method at this time to decrypt files encrypted by these new variants without paying the ransom.

If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ignore all Google searches which provide links to bogus an d untrustworthy removal/decryption guides.

 

Share this post


Link to post
Share on other sites

Update: Demonslay335 (aka Michael Gillespie), a ransomware analyst with the MalwareHunterTeam, advises victims of the newer .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude STOP Ransomware variants to send their ransom note, MAC address and an encrypted and original file pair to kNN for possible future decryption of their data...see these instructions. You can use any third-party sharing site (Google Drive, OneDrive, DropBox SendSpace, Mega, etc.) to send the file pair and provide a link in your PM. However, this is not a guarantee of decryption.

Share this post


Link to post
Share on other sites
10 hours ago, quietman7 said:

Update: Demonslay335 (aka Michael Gillespie), a ransomware analyst with the MalwareHunterTeam, advises victims of the newer .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude STOP Ransomware variants to send their ransom note, MAC address and an encrypted and original file pair to kNN for possible future decryption of their data...see these instructions. You can use any third-party sharing site (Google Drive, OneDrive, DropBox SendSpace, Mega, etc.) to send the file pair and provide a link in your PM. However, this is not a guarantee of decryption.

advise will be followed

lets close these topic and continue it at this:

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.