mahmo

I am one of the victims of the (.guvara) ransomeware

Recommended Posts

please help me 

I am one of the victims of the (.guvara) ransomeware

so if any one know how to decrypt this or any way to restore my files kindly help me

Thank you 

Share this post


Link to post
Share on other sites

This is a new version of STOP-Djvu Ransomware

You need to leave the application to the developer STOPDecryptor at the link on the forum BleepingComputer
Only there are collected all the requests and cases where the decrypting failed. 
You need to carefully read the first post of the topic to find out what you need to provide. 

If you do not want to read there, provide the following information:

1) the extension on your encrypted files;
2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!);
3) personal ID from a ransom note or attach a this text file to your message;
4)  ID, which unsupported from the STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter.

But at the moment STOPDecrypter your extension does not support. 

Therefore, your message should be left there as soon as possible.

 

  • Like 1

Share this post


Link to post
Share on other sites

If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (W-Fi)). 

Do not write both addresses! Determine exactly. This is not difficult.
It is necessary for you more, than for the developer of STOPDecrypter.
Such common errors lead to the fact that files cannot be decrypted.

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link:
https://kb.gt500.org/stopdecrypter

 

On 4/14/2019 at 8:55 PM, Amigo-A said:

This is a new version of STOP-Djvu Ransomware

You need to leave the application to the developer STOPDecryptor at the link on the forum BleepingComputer
Only there are collected all the requests and cases where the decrypting failed. 
You need to carefully read the first post of the topic to find out what you need to provide. 

If you do not want to read there, provide the following information:

1) the extension on your encrypted files;
2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!);
3) personal ID from a ransom note or attach a this text file to your message;
4)  ID, which unsupported from the STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter.

But at the moment STOPDecrypter your extension does not support. 

Therefore, your message should be left there as soon as possible.

 

.guvara

Your personal ID:
065btydsljfhsFf81PxYfUZxMhnQiibgFdsZ1rQ5zmaZdp0I9Ufbm9w


ID: 81PxYfUZxMhnQiibgFdsZ1rQ5zmaZdp0I9Ufbm9w (.guvara )

MAC: 34:F6:4B:0D:89:96

Share this post


Link to post
Share on other sites

I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.

Thank you very much, I really appreciate that. And i wish you all the the success to figure out the decryption key.

Share this post


Link to post
Share on other sites

mahmo

In this case, we only help the victims who were attacked by this Ransomware and simplify data collection to Michael (dev STOPDecrypter).  

Now STOP Ransomware is the most active malware and crypto-ransomware. Masshtab of spread - for all countries.

  • Like 1

Share this post


Link to post
Share on other sites

I don't know if that will help or not but i can upload to you a normal  or original file before and after been encrypted to (.guvara)

Share this post


Link to post
Share on other sites

mahmo

A pair of files (encrypted and original) for new versions of STOP Ransomware are not needed.

Share this post


Link to post
Share on other sites

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Share this post


Link to post
Share on other sites

you are amazing
thank you very much this really helps me to decrypt some files . 

but i just wondered about the other files which are still being encrypted if is there will be any another solution soon?
as i think it's not offline key that encrypt my files

Share this post


Link to post
Share on other sites

This decryptor is made to replace the previous one. The developer is the same, Demonslay335 (Michael Gillespy), but now a digitally signed Emsisoft decryptor is used. Therefore, now decryptor bears a name starting with the name of the vendor — Emsisoft.

Newer variants and versions of STOP-Djvu Ransomware are not supported in this version of the decryptor. 

Share this post


Link to post
Share on other sites

If you suspect that your files are being encrypted again, then a malicious file might remain on your PC, which update the encryptor and encrypt the files again.

Share this post


Link to post
Share on other sites
12 hours ago, mahmo said:

but i just wondered about the other files which are still being encrypted if is there will be any another solution soon?
as i think it's not offline key that encrypt my files

This new decrypter is capable of decrypting files that were not encrypted using an offline key, however it requires a little help. You need to have a few original (unencrypted) files and encrypted copies of the same files (called "file pairs") in order to upload to our decrypter page so that it can learn how to decrypt some of your files. Note that this doesn't work for all files, for instance if you upload a file pair for a PNG image, then the decrypter will be able to decrypt any other PNG pictures on your computer that were encrypted at the same time, however it won't be able to decrypt anything else, so you'll need file pairs for each type of file you need to decrypt.

The BleepingComputer article has more detailed information and instructions on how to use the decrypter.
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.