GotRansomedGuy

.rumba Ransomware Attack

Recommended Posts

My files transformed into a .rumba file after downloading an installer which I wasn't aware that it contains a ransomware virus.

All my important documents we're affected including my thesis and my digital outputs.

I was trying to recover the files using decryptors that I had found online and none seems to be working.

 

Note:

1.) I have two disks affected by the ransomware, they have two different notes but it seems that all of the file type got an added .rumba extension.

2.) According to https://id-ransomware.malwarehunterteam.com/index.php the ID of the Ransomware is STOP (Djvu)

 

I have copies of the files that got affected and the original ones which are mostly images.

File Extensions that we're affected (that I'm well aware of): .jpg, .png, .docx, .pptx, .mp3, .mp4, .ico, .rar, .wav, .pdf, .exe, .xml, .java, .txt, .dll, .pkg, .ttf, .fon , .otf, .ini, .xlsx, .dat

IMG_2828.JPG
Download Image

IMG_2829.JPG
Download Image

IMG_2828.JPG.rumba

IMG_2829.JPG.rumba

bitch_lasagna.mp4.rumba

Chapter_3_Getting_to_know_the_market.pptx.rumba

TSOGJ-DECRYPT.txt

_openme.txt

587b6cd9587b6b3811b.lock.rumba

TSOGJ-DECRYPT.txt

TSOGJ-DECRYPT.txt.rumba

TheFatRat - Jackpot (Jackpot EP Track 1).mp3.rumba

Share this post


Link to post
Share on other sites

Michael Gillespie may be able to assist with recovering your files. Please see his instructions at the following link:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-32#entry4673584

You can find information about the "STOPDecrypter" he mentions at the following link, however keep in mind that it will not be able to decrypt your files until you contact Michael and wait for him to send you more information:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-31#entry4673086

You can send him a private message either on our forums, on BleepingComputer, or on Twitter:
https://support.emsisoft.com/profile/44427-demonslay335/
https://www.bleepingcomputer.com/forums/u/726225/demonslay335/
https://twitter.com/demonslay335

Share this post


Link to post
Share on other sites

FYI: I've been told that Michael will more than likely no longer be able to help. If your files were encrypted recently enough, then the STOPDecrypter may still be able to recover them. If the ID the ransomware gave you matches the one at the following link, then Michael's STOPDecrypter will be able to recover your files:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-31#entry4673086

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.