k sashank

infected with encrypted files.

Recommended Posts

hai sir . my lap was infected by encrypted file. all files are converted into .pdff extensions. what i do ? please help me

all files including mp3, mp4, doc everything are changed to .pdff. i am unable to change that. in every folder there is a openme.txt

i attached all those files hear. please check once. please help me.

_openme.txt

Akon - Right Now (Na Na Na)_HIGH.mp4.pdff

Share this post


Link to post
Share on other sites

Files encrypted by newer STOP Ransomware variants .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude are not decryptable at this time without paying the ransom. These new variants all leave a ransom note named _openme.txt as noted here by Michael Gillespie (aka Demonslay335).

If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ignore all Google searches which provide links to bogus an d untrustworthy removal/decryption guides.

 

Share this post


Link to post
Share on other sites

Update: Demonslay335 (aka Michael Gillespie), a ransomware analyst with the MalwareHunterTeam, advises victims of the newer .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut, .djvup, .djuvq, .pdff, .tro and .tfude STOP Ransomware variants to send their ransom note, personal ID found in the ransom note, MAC address and an encrypted and original file pair to member kNN for possible future decryption of their data (see here). Victims need to follow these instructions when sending messages to kNN...be aware that time is an important factor and this is not a guarantee of decryption. You can use a third-party sharing site (Google Drive, OneDrive, DropBox SendSpace, Mega, etc.) to send the file pair and provide a link in your PM.

Share this post


Link to post
Share on other sites

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.