bryanclemente 0 Report post Posted April 8 Hi! I was infected by Ransomware last month. And I thought my local hard drive is the only one infected. But unfortunately, my external hard drives that are connected are also infected. Please help... I'm willing to spend time and follow instructions this time. The name of the ransomware is .promoz. Thank you for the big help! FRST.txt Addition.txt FRAME 2.jpg.promoz _readme.txt Quote Share this post Link to post Share on other sites
stapp 130 Report post Posted April 8 I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like one of our experts to review them. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 8 That's a variant of the STOP ransomware:https://id-ransomware.malwarehunterteam.com/identify.php?case=1f114e09723aff0219904a02fac3b34e2fd10da6 Your ID doesn't appear to be an offline ID, so the chances of being able to decrypt your files is slim. That being said, if you download STOPDecrypter from the following link, run it, and copy and paste the ID and MAC it gives you into a reply then I can forward them to the create of STOPDecrypter in case he is able to figure out your decryption key at some point in the future:https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 8 I'll check on it tomorrow, once I'm in the office. Will get back as soon as possible. Thank you so much! Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 9 Hi @stapp, here's the result. 1 Result STOP (Djvu) This ransomware may be decryptable under certain circumstances. Please refer to the appropriate guide for more information. Identified by ransomnote_email: [email protected] sample_extension: .promoz sample_bytes: [0x35061 - 0x3507B] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D Click here for more information about STOP (Djvu) Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 9 Hi @GT500, I want to try this but is it safe to do it on my working pc? Cause, I read that it's pretty dangerous to try this as if it fails it might damage my files. Should I do it on a usb and a different pc that won't affect any files? I want to try doing this on my Mac since I just reformatted it but I don't think there's a Mac version for this. Right? I just want to know the safety measures in trying this. Thank you @GT500! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 9 9 hours ago, bryanclemente said: I want to try this but is it safe to do it on my working pc? Cause, I read that it's pretty dangerous to try this as if it fails it might damage my files. It won't try to decrypt your files if it can't find a key for your ID, and I'm about 90% certain it won't have a key for your ID, so as long as you don't try to manually enter a key then your files shouldn't remain unaffected. 9 hours ago, bryanclemente said: Should I do it on a usb and a different pc that won't affect any files? You should be able to do that if you want to. I think all you need is a copy of an encrypted file and the ransom note for the decrypter to get the ID from. 9 hours ago, bryanclemente said: I want to try doing this on my Mac since I just reformatted it but I don't think there's a Mac version for this. Right? You are correct that there is no Mac version. If you want to do it on your Mac, then you'd have to use a Virtual Machine to run Windows on the Mac. Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 10 @GT500 Okay, I'll try do this. Hopefully, it'll work. So my best chances of decrypting this is by trying this and waiting for the future decrypting tool. If ever where can I follow up the future decrypting tool? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 10 12 hours ago, bryanclemente said: So my best chances of decrypting this is by trying this and waiting for the future decrypting tool. You won't need a new decryption tool, you'll just need a decryption key to enter into STOPDecrypter so that it can decrypt your files. 12 hours ago, bryanclemente said: If ever where can I follow up the future decrypting tool? If the creator of STOPDecrypter is ever able to figure out your decryption key, then either he will contact you directly, or he'll let me know and I'll contact you. Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 13 On 4/11/2019 at 1:39 AM, GT500 said: If the creator of STOPDecrypter is ever able to figure out your decryption key, then either he will contact you directly, or he'll let me know and I'll contact you. Does he knows about our conversation? or can I contact him? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 15 On 4/13/2019 at 1:28 PM, bryanclemente said: Does he knows about our conversation? or can I contact him? He'll know about our conversation when I send him your ID and MAC. Once he has that information, he'll be able to contact you if he figures out your decryption key. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 15 If you want more detailed instructions on using STOPDecrypter to get your ID and MAC address, then you can find them at the following link:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 20 On 4/16/2019 at 2:06 AM, GT500 said: He'll know about our conversation when I send him your ID and MAC. Once he has that information, he'll be able to contact you if he figures out your decryption key. Alright!! Thank you so much Sir! Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted April 20 On 4/16/2019 at 3:22 AM, GT500 said: If you want more detailed instructions on using STOPDecrypter to get your ID and MAC address, then you can find them at the following link:https://kb.gt500.org/stopdecrypter Will try this! Thank you! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted April 23 You're welcome. If you need any help with the instructions, then let me know. If you'd prefer to post your ID and MAC address on BleepingComputer as mentioned in the instructions, then feel free to do so. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 19 We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 20 On 10/19/2019 at 9:06 AM, GT500 said: We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Thank you so much! I just checked it. But unfortunately I was not able to automatically decrypt my files. I have to pair first. I tried on some pdf files and glady it works!! But the my problem right now is that. I have to make all my files be processed. And some of my files are really big. So I will have a hard time uploading it. My question will does all of my files needs to be learnt? And what if I have bigger files? I've read that you guys can help if the files are so big. Thank you for the big help! Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 20 You need to upload files of different formats to the new decryption service, but you need to do this separately for each file type (PNG, JPG, DOC, PDF, RTF, TXT... ) If you found the largest original PDF, then need find its encrypted version. This must be uploaded to the service so that the decryptor finds a way to decrypt this file. After that, you should try to decrypt all other PDF files. Similarly, you need to do with other types of files. This way you can decrypt almost all files, but it will take a lot of time for all operations. Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 20 1 hour ago, Amigo-A said: You need to upload files of different formats to the new decryption service, but you need to do this separately for each file type (PNG, JPG, DOC, PDF, RTF, TXT... ) If you found the largest original PDF, then need find its encrypted version. This must be uploaded to the service so that the decryptor finds a way to decrypt this file. After that, you should try to decrypt all other PDF files. Similarly, you need to do with other types of files. This way you can decrypt almost all files, but it will take a lot of time for all operations. I did try it! And it is working! Thank you very for that. However, I tried putting and MP4 file which is just 85mb and it is not giving me a result. And I thought that maybe because it is a big file. And I read that for bigger files I should ask for support. Is this something that you can work on? Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 20 5 hours ago, bryanclemente said: Is this something that you can work on? Perhaps tomorrow you will be answered by the employees of Emsisoft or Demonslay335. Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 21 Got it! Thank you so much! Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 21 9 hours ago, Amigo-A said: Perhaps tomorrow you will be answered by the employees of Emsisoft or Demonslay335. Got it! Thank you so much! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 21 On 10/20/2019 at 10:52 AM, bryanclemente said: However, I tried putting and MP4 file which is just 85mb and it is not giving me a result. And I thought that maybe because it is a big file. And I read that for bigger files I should ask for support. Is this something that you can work on? If you have a file pair that's too big, you can ZIP the files and share them with us via a file sharing service (Mega, MediaFire, Zippyshare, etc). Send the download link in a private message, and feel free to use a password when zipping the files, or if the file sharing service allows it then when uploading the file (Mega should allow encrypting files with a password, however I'm not certain if that feature is available for free). If you don't already have an archive manager, then you can use 7-Zip or WinRAR. Once installed, you can right-click on a file and there will be options to compress files with them. We can open any archive format that these tools can create (ZIP, 7z, RAR, etc). Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 22 10 hours ago, GT500 said: If you have a file pair that's too big, you can ZIP the files and share them with us via a file sharing service (Mega, MediaFire, Zippyshare, etc). Send the download link in a private message, and feel free to use a password when zipping the files, or if the file sharing service allows it then when uploading the file (Mega should allow encrypting files with a password, however I'm not certain if that feature is available for free). If you don't already have an archive manager, then you can use 7-Zip or WinRAR. Once installed, you can right-click on a file and there will be options to compress files with them. We can open any archive format that these tools can create (ZIP, 7z, RAR, etc). Hi GT500, Sent the link on your private message. Thank you! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 22 14 hours ago, bryanclemente said: Hi GT500, Sent the link on your private message. Thank you! I've forwarded your download link to the analyst who made the decrypter, and I'll let you know once he's had a chance to take a look at them. Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 23 6 hours ago, GT500 said: I've forwarded your download link to the analyst who made the decrypter, and I'll let you know once he's had a chance to take a look at them. Thank you very much Sir! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 24 @bryanclemente I was told that you'd already submitted a file pair that should allow the decrypter to decrypt your MP4 files (or at least any that start with the same 5 bytes). Are you having trouble with MP4 decryption? Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 24 5 hours ago, GT500 said: @bryanclemente I was told that you'd already submitted a file pair that should allow the decrypter to decrypt your MP4 files (or at least any that start with the same 5 bytes). Are you having trouble with MP4 decryption? Yes, my only problem is the MP4 files. It's not giving me a result. I will press submit and then it will load but then go back again to submit button without giving me any result. And I thought maybe because it is a big file. But it's only 85 mb. Download Image Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 24 Hello @bryanclemente Upload these files to the exchange service, give a download link and specialists will try to find the reason, if they do not already know. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 25 19 hours ago, bryanclemente said: Yes, my only problem is the MP4 files. It's not giving me a result. I will press submit and then it will load but then go back again to submit button without giving me any result. And I thought maybe because it is a big file. But it's only 85 mb. They were already submitted once, so that could be the problem. What happens when you try to run the decrypter to decrypt your MP4 files? Does it give you an error? Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 27 On 10/25/2019 at 10:14 AM, GT500 said: They were already submitted once, so that could be the problem. What happens when you try to run the decrypter to decrypt your MP4 files? Does it give you an error? Upon checking it now, I think it is now able to decrypt my .MP4 files. Will update you guys If I have any trouble. Thank you! Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 28 Hi @GT500, Just wondering if there's any solution to files lower the 150 KB? Cause I have Premiere and After Effects files that has encryted and original. But the problem is it is less than 150 KB... Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 29 On 10/28/2019 at 3:04 AM, bryanclemente said: Just wondering if there's any solution to files lower the 150 KB? Cause I have Premiere and After Effects files that has encryted and original. But the problem is it is less than 150 KB... The file used for the file pair can't be under 150 KB, however I'll have to ask if the decrypter could handle files that small. There are some oddities to how STOP/Djvu encrypts files, which may complicate things. Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 29 33 minutes ago, GT500 said: The file used for the file pair can't be under 150 KB, however I'll have to ask if the decrypter could handle files that small. There are some oddities to how STOP/Djvu encrypts files, which may complicate things. Got it! I understand. Just let me know if there's any answer to that. Will patiently wait. Thank you so much! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 29 3 hours ago, bryanclemente said: Got it! I understand. Just let me know if there's any answer to that. Will patiently wait. Thank you so much! I've been told that file size doesn't matter for decryption. It only matters when submitting file pairs (if the files are too small, then the decrypter won't be able to decrypt files that are larger). Quote Share this post Link to post Share on other sites
bryanclemente 0 Report post Posted October 29 1 minute ago, GT500 said: I've been told that file size doesn't matter for decryption. It only matters when submitting file pairs (if the files are too small, then the decrypter won't be able to decrypt files that are larger). Yup! That's exactly my problem, when submitting the file pairs. Hmmn.. Okay, so I guess I really find files that are at least 150kb in size. If there's any solution to it. Just let me know. Thanks GT500! Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted October 30 18 hours ago, bryanclemente said: If there's any solution to it. Just let me know. There's a theoretical solution. If you can ZIP the largest file pair you have and attach it to a reply, we can attempt to add support for it to the decrypter. It may not work, or at least it may leave the decrypted files partially corrupted, however we can give it a try if you want to. Quote Share this post Link to post Share on other sites
Yuselita 0 Report post Posted 22 hours ago Hi! I also have the same problem. I was infected by Ransomware this morning. And I thought my local hard drive is the only one infected. But unfortunately, my external hard drives that are connected are also infected. Please help, The name of the ransomware is .gesd The contact that attached to my invected harddisk external is like this: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-063L4ferhE Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0191gtd374y5iuhld6gK7ygUzrA2fGU2JpeDCMPTnBANV3N32v2Ib2ZKn " Thank you for the big help! Quote Share this post Link to post Share on other sites
Samarth Bhardwaj 0 Report post Posted 17 hours ago Hello today on 03:28 PM IST my PC was attacked with ransomware which is in .gesd file extension, pls help Quote Share this post Link to post Share on other sites
