Eng_Chetan

Ransomware attack - (.DJVUR)

My PC got affected on 5-Jan 2019 evening with this ransomware ".DJVUR" and all media files (JPG, PDH, MP4, MS Office etc.) got affected with a change in extension. I tried everything possible to remove the ransomware. My PC was creating a lot of issues, so I got it formatted, and now I am left with the encrypted files, most of which are my personal photos, videos and reading material. I am looking for a suitable decryptor to recover my files. Please help me to recover my data.

Thanks in advance

Me too... my PC got this ransomware on the morning of 5 Jan 2019.

It's the first time I got this kind of bad virus, and some of my files were encrypted with the .djvur extension,

especially the books and multimedia and some rar and iso.

I was able to stop it by formatting my PC, but I still have those files encrypted, with the _openme.txt note file.

Any idea how to decrypt the files, maybe even with a tool? I need to rescue these files.

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Job done, here you are sir:

https://id-ransomware.malwarehunterteam.com/identify.php?case=f267a9e1718ebfe18e19bf9956fd9b2c7a744c70

I hope you find help for us.

If you need anything, just ask.

Also... I think this is the infected file:

http://snowfiles.com/tyubog90pdyk

Be careful: don't download and use this file on your PC, it will destroy your data with .djvur encryption.

Only use it in a restricted machine. Let me know if anything new is found.

Edited by GT500
Made link non-clickable.

That link is to one of those obnoxious download sites that hides the real download link under a bunch of ads. I was told by one of our malware analysts that you have to click on the close button in one of the ads three times before it would show the real download button. Do you remember if you did that, or if you clicked on the download button in one of the ads?

20 hours ago, GT500 said:

That link is to one of those obnoxious download sites that hides the real download link under a bunch of ads. I was told by one of our malware analysts that you have to click on the close button in one of the ads three times before it would show the real download button. Do you remember if you did that, or if you clicked on the download button in one of the ads?

No, it works fine, but it has some stupid ads.

You must click the blue button until it stops showing ads, then you can download it.

Also, be careful again: run it on a restricted PC or VM.

1 hour ago, imdead said:

you must click the blue button until it stops showing ads then you can download it

One of our malware analysts already did that, and the downloaded file did not appear to be ransomware.

https://monova.to/0493A0CC721FD6BA5505AA3818068E3E9E6610B1

I found djvur from here.

Edited by GT500
Made link non-clickable.

15 hours ago, askkali said:
https://monova.to/0493A0CC721FD6BA5505AA3818068E3E9E6610B1

I found djvur from here.

Thank you. I have forwarded that to our malware analysts so that they can take a look at it. I'll let you know if they find anything useful.

It's been identified as a variant of the STOP ransomware. Michael Gillespie is still analyzing the encryption method; however, there is someone who has offered to assist people with possibly decrypting their files. There is more information at the following links:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-15#entry4663667
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-16#entry4663935

If anyone has an infected setup file or .exe file with this kind of ransom ****, share it with us here or paste the link.

I'm proud to check it

2 hours ago, imdead said:

If anyone has an infected setup file or .exe file with this kind of ransom ****, share it with us here or paste the link.

I'm proud to check it

We discourage sharing of potentially malicious files with others on these forums. It's best to upload things to VirusTotal, and send a link to the analysis to us. Or to send them to us privately.

On 1/15/2019 at 1:15 AM, GT500 said:

It's been identified as a variant of the STOP ransomware. Michael Gillespie is still analyzing the encryption method; however, there is someone who has offered to assist people with possibly decrypting their files. There is more information at the following links:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-15#entry4663667
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-16#entry4663935

Thanks for this info. I have now sent him my info.
