GotRansomedGuy 0 Report post Posted January 22 My files transformed into a .rumba file after downloading an installer which I wasn't aware that it contains a ransomware virus. All my important documents we're affected including my thesis and my digital outputs. I was trying to recover the files using decryptors that I had found online and none seems to be working. Note: 1.) I have two disks affected by the ransomware, they have two different notes but it seems that all of the file type got an added .rumba extension. 2.) According to https://id-ransomware.malwarehunterteam.com/index.php the ID of the Ransomware is STOP (Djvu) I have copies of the files that got affected and the original ones which are mostly images. File Extensions that we're affected (that I'm well aware of): .jpg, .png, .docx, .pptx, .mp3, .mp4, .ico, .rar, .wav, .pdf, .exe, .xml, .java, .txt, .dll, .pkg, .ttf, .fon , .otf, .ini, .xlsx, .dat Download Image Download Image IMG_2828.JPG.rumba IMG_2829.JPG.rumba bitch_lasagna.mp4.rumba Chapter_3_Getting_to_know_the_market.pptx.rumba TSOGJ-DECRYPT.txt _openme.txt 587b6cd9587b6b3811b.lock.rumba TSOGJ-DECRYPT.txt TSOGJ-DECRYPT.txt.rumba TheFatRat - Jackpot (Jackpot EP Track 1).mp3.rumba Quote Share this post Link to post Share on other sites
GT500 586 Report post Posted January 22 Michael Gillespie may be able to assist with recovering your files. Please see his instructions at the following link:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-32#entry4673584 You can find information about the "STOPDecrypter" he mentions at the following link, however keep in mind that it will not be able to decrypt your files until you contact Michael and wait for him to send you more information:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-31#entry4673086 You can send him a private message either on our forums, on BleepingComputer, or on Twitter:https://support.emsisoft.com/profile/44427-demonslay335/https://www.bleepingcomputer.com/forums/u/726225/demonslay335/https://twitter.com/demonslay335 Quote Share this post Link to post Share on other sites
GT500 586 Report post Posted January 22 FYI: I've been told that Michael will more than likely no longer be able to help. If your files were encrypted recently enough, then the STOPDecrypter may still be able to recover them. If the ID the ransomware gave you matches the one at the following link, then Michael's STOPDecrypter will be able to recover your files:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-31#entry4673086 1 Quote Share this post Link to post Share on other sites
GT500 586 Report post Posted yesterday at 05:23 AM We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
